Potential rootkit/other issues on laptop

Discussion in 'Virus & Other Malware Removal' started by yonderwanderer, Nov 19, 2011.

  1. yonderwanderer

    yonderwanderer Thread Starter

    Laptop has been running a bit slowly, and after trying some of the more conventional means of speeding it up, I started running some checks on it. MBAM came up clean, but Spybot picked up a TDSS trojan, which from my understanding is a rootkit. I've attached the requested logs below. Thanks for your help!

    HJT:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:44:36 PM, on 11/19/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\David\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/siriusinternetradio
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111112114409.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
    O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
    O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\David\Application Data\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} (RNTProcessManager Control) - https://helpcenter.homestead.com/rnt/rnw/client_files/RNTProcMan.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intuitcorp.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    --
    End of file - 17716 bytes



    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
    Run by David at 12:48:00 on 2011-11-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2327 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\David\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\REGSVR32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sirius.com/siriusinternetradio
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111112114409.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [<NO NAME>]
    mRun: [TpShocks] TpShocks.exe
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
    mRun: [LPMailChecker] c:\progra~1\lenovo\lenovo~2\LPMLCHK.exe
    mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
    mRun: [LCONTROL] "c:\program files\lenovo\atk hotkey\LCONTROL.exe"
    mRun: [LFKA] "c:\program files\lenovo\atk hotkey\LFKA.exe"
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\david\application data\dropbox\bin\Dropbox.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} - hxxps://helpcenter.homestead.com/rnt/rnw/client_files/RNTProcMan.cab
    DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuitcorp.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{92716D68-29B0-4FFD-A7B2-2B426E1A9A4E} : DhcpNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: ACNotify - ACNotify.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli ACGina
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\rwuf02i0.default\
    FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\afurladvisor.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: afurladvisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 464176]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-28 89792]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2008-10-26 208896]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-28 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-28 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-28 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-28 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-28 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-28 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-28 150856]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-26 94208]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-3 645048]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-28 57600]
    R3 DCamUSBGene;Integrated Camera;c:\windows\system32\drivers\USBSTK.sys [2008-10-26 173584]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-10-12 26137]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-28 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-28 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-28 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-28 83856]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-10-26 38304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-10-12 155152]
    S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2010-1-4 132096]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-28 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-28 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-28 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-28 40552]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-29 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-05 23:17:55 -------- d-----w- c:\documents and settings\david\local settings\application data\Solid State Networks
    .
    ==================== Find3M ====================
    .
    2011-11-19 19:21:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-15 20:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 20:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 20:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 20:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 20:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 20:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 20:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 20:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 20:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 20:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:05:47 599552 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 14:24:13 36864 ----a-w- C:\nphssb.dll
    2011-08-31 14:24:03 45056 ----a-w- c:\windows\system32\HSSICore.dll
    2011-08-31 14:24:03 40960 ----a-w- c:\windows\system32\HS_live.ocx
    2011-08-31 14:24:03 184320 ----a-w- c:\windows\system32\OESICore.dll
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 12:48:31.64 ===============

    Gmer:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-19 14:24:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084
    Running: u39r6tnb.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\uwdorkow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DF24C0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DF24D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DF2500]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DF2556]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DF24AC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DF2484]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DF2498]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DF24EA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DF252C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DF2516]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DF2580]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DF256C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DF2540]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9DF2544 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9DF255A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9DF2570 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9DF2530 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9DF2488 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9DF249C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9DF2584 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B9DF251A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9DF24EE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B9DF24C4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9DF24D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9DF2504 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9DF24B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7C4C380, 0x37DE8D, 0xE8000020]
    ? C:\DOCUME~1\David\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0FEF
    .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0FCD
    .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0FDE
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA000A
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0FA6
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA009B
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0080
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0FC3
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FDE
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00CE
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00BD
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0115
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00FA
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0130
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0065
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA00AC
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0040
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00DF
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FAF
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F80
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FC0
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00000
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C0003D
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C0002C
    .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C0001B
    .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0053
    .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0038
    .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0016
    .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
    .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0027
    .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
    .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00BC0FE5
    .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00BC0000
    .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00BC0FD4
    .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00BC0FC3
    .text C:\WINDOWS\Explorer.EXE[412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B5000A
    .text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B50FEF
    .text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B5001B
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B20000
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B20FA5
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B200A4
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B20089
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B20FC0
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B2003D
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B200DC
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B20F94
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B20101
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B20F5E
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B20F43
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B20058
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B2001B
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B200B5
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B2002C
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B20FE5
    .text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B20F83
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03520FB9
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03520040
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03520FCA
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03520000
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03520F83
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03520FE5
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03520F9E
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [72, 8B] {JB 0xffffffffffffff8d}
    .text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03520025
    .text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E60FC8
    .text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E60FD9
    .text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E60038
    .text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E6000C
    .text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E60049
    .text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E6001D
    .text C:\WINDOWS\System32\svchost.exe[544] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D8000A
    .text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 02D70FEF
    .text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 02D70FD4
    .text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 02D7000A
    .text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 02D7001B
    .text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920FEF
    .text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00920025
    .text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910000
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910F7C
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910F8D
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910FA8
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910FB9
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091005B
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F5A
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910F6B
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F35
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009100CE
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910F24
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910FD4
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910025
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0091008C
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910040
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910FEF
    .text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009100BD
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900FA8
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900040
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00900FC3
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900FD4
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0090002F
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FEF
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900F8D
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
    .text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900014
    .text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0044
    .text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0033
    .text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FCD
    .text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
    .text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0018
    .text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FDE
    .text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00930000
    .text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00930FE5
    .text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00930025
    .text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00930FD4
    .text C:\WINDOWS\system32\svchost.exe[612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C10FEF
    .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C10FCD
    .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C10FDE
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F83
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00078
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C0005B
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00F9E
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00039
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C0009D
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F4B
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000DD
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F3A
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F29
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C0004A
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FEF
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F68
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FCD
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FDE
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000B8
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF004A
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF009B
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF002F
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0014
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0080
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF006F
    .text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FDE
    .text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20F8B
    .text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20FA6
    .text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FD2
    .text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FE3
    .text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FC1
    .text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C2000C
    .text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A0000
    .text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A002C
    .text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A001B
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790FEF
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00790065
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00790F70
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F81
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790F9E
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790FAF
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790F27
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00790F44
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0079009E
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00790EFB
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007900AF
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00790036
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0079000A
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790F55
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00790FC0
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0079001B
    .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00790F16
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D001B
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D006C
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0FD4
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0000
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007D0FAF
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007D0FEF
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007D0051
    .text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007D002C
    .text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007C0F9E
    .text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!system 77C293C7 5 Bytes JMP 007C0033
    .text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007C0011
    .text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007C0FE3
    .text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007C0022
    .text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007C0000
    .text C:\WINDOWS\system32\svchost.exe[888] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007B0000
    .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E90FEF
    .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E90011
    .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E90000
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FEF
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80093
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80F94
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E8006E
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80FA5
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80FC0
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E800BA
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80F72
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80F3C
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800D5
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E80F21
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80047
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80000
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E80F83
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E8002C
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80011
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E80F57
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FDB
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0F8A
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC002C
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0011
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F9B
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FC0
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0047
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB001D
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0F9C
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0FB7
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB000C
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FD2
    .text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000
    .text C:\WINDOWS\system32\services.exe[1684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00780FE5
    .text C:\WINDOWS\system32\services.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00780FB9
    .text C:\WINDOWS\system32\services.exe[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00780FCA
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0077000A
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007700AB
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770090
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770FAC
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770069
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770047
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F80
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F91
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F4A
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F6F
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007700FE
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770058
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0077001B
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007700BC
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FDB
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770036
    .text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007700ED
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093001B
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F83
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FD4
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FE5
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930036
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F94
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
    .text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FA5
    .text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A0FBC
    .text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A0047
    .text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A002C
    .text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0000
    .text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A0FD7
    .text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0011
    .text C:\WINDOWS\system32\services.exe[1684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00790FE5
    .text C:\WINDOWS\system32\lsass.exe[1696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C30FEF
    .text C:\WINDOWS\system32\lsass.exe[1696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C30014
    .text C:\WINDOWS\system32\lsass.exe[1696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C30FDE
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C2007D
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20062
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F94
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20047
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FAF
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200B5
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F6D
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F2D
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F3E
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F12
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20036
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FE5
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20098
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FCA
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C2001B
    .text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C200C6
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0039
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0080
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FDE
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FEF
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0FCD
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0000
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0065
    .text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF004A
    .text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0F9C
    .text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FB7
    .text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE001D
    .text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
    .text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FD2
    .text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FE3
    .text C:\WINDOWS\system32\lsass.exe[1696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50FEF
    .text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00C4000A
    .text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00C40FEF
    .text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00C40FD4
    .text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00C40FC3
    .text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AD0FE5
    .text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD001B
    .text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD000A
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC005B
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC004A
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC0F7C
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC0F8D
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0FB9
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC008C
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0F3A
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC00A7
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC0F0E
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0EF3
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC0FA8
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC001B
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0F4B
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0FD4
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC0F1F
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F90025
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F90065
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F90014
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F90FD4
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F9004A
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F90FE5
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F90FA8
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [19, 89]
    .text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F90FC3
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F80027
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F80016
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F80FC1
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F80FE3
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F80FA6
    .text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F80FD2
    .text C:\WINDOWS\system32\svchost.exe[1948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F7000A
    .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0FEF
    .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB001E
    .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0FDE
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0045
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F50
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F61
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F72
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FA8
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0073
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F2B
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0EEE
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F09
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00A2
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0F8D
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FDE
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0056
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0014
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FC3
    .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F1A
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C2001B
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20F91
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20FDE
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C2004E
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20FEF
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C2003D
    .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C2002C
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10027
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10F9C
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FD2
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FB7
    .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FE3
    .text C:\WINDOWS\system32\svchost.exe[2024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\SearchIndexer.exe[2492] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\System32\svchost.exe[3672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80000
    .text C:\WINDOWS\System32\svchost.exe[3672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F8001B
    .text C:\WINDOWS\System32\svchost.exe[3672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FE5
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F6F
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F7006E
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F94
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70FA5
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70036
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700AB
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F7009A
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700DA
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F37
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700EB
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70047
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70FDE
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70089
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70025
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70014
    .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F48
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F6002C
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6007D
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60011
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FE5
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6006C
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60000
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60051
    .text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FC0
    .text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50025
    .text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F5000A
    .text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FB5
    .text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
    .text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FA4
    .text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FD2
    .text C:\WINDOWS\System32\svchost.exe[3672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat A60A0D20

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Files - GMER 1.0.15 ----

    File C:\RRbackups\common 0 bytes
    File C:\RRbackups\common\css.dat 8192 bytes
    File C:\RRbackups\common\hints.dat 8192 bytes
    File C:\RRbackups\common\mnd.dat 8192 bytes
    File C:\RRbackups\common\regcerts.dat 8192 bytes
    File C:\RRbackups\common\restore.log 110 bytes
    File C:\RRbackups\common\rr.log 46749 bytes
    File C:\RRbackups\common\SAM 262144 bytes
    File C:\RRbackups\common\secpolicy.dat 53248 bytes
    File C:\RRbackups\common\settings.dat 32768 bytes
    File C:\RRbackups\common\system.dat 12288 bytes
    File C:\RRbackups\common\tvtcmn.dat 8192 bytes
    File C:\RRbackups\common\tvtns.bin 23 bytes
    File C:\RRbackups\common\usersids.dat 15600 bytes
    File C:\RRbackups\Documents and Settings 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\629bd1bf-a728-4cdc-9610-2ec4824cfb09 388 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\e86ca37e-3389-480d-addd-5c6935ca5031 388 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\All Users 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\enroll.ini 26 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\404b466b6bfefd5de0c0a19f33336d46_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 1753 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 52 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 57 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4a83060920cae32caf902bed48d1fdd9_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 58 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 47 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 54 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\94348ade95b67e8f2e884ed7b348b833_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 59 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 893 bytes
    File C:\RRbackups\Documents and Settings\David 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution\encobject.dat 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution\enroll.ini 32 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\146482325737612d5fbcd71839d49d49_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 50 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\6b29ae44e85efac3c72ff4d1865d73f1_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 53 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\83aa4cc77f591dfc2374580bbd95f6ba_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 45 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\8f71098770f72c7a67cd8f1151619865_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 54 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\adeb89ff2937a9e80129150f89620a82_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 46 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\ba8f712c43fd8d5f5868f7b4f8810b80_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 1282 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\629bd1bf-a728-4cdc-9610-2ec4824cfb09 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\e86ca37e-3389-480d-addd-5c6935ca5031 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\09608543-522c-407a-961f-7d504d5f659b 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\0efa761f-3219-432c-b71f-24d3649f99e3 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\3418d27b-37fb-4533-9dab-b86d52edfb9b 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\3af62701-295e-4f22-9e45-97103d15df62 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\52ab6384-a368-47f6-b000-2a1c887ce3e5 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\5df9b9d6-14ea-4792-b9b4-61535e4a4029 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\6269122e-bd6d-48df-943f-ebbf2916f8cf 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\71a64068-c024-41f3-8a26-5c09fa767db1 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\86c775de-6258-4566-95e5-c79e869c3d45 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\9dc73b65-89f5-4a53-adaf-149091bede23 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\9e48b52a-344b-43b1-89d7-a8cf35fa95f1 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\de567267-80d8-4048-93fa-c316cd137e01 388 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\Default User 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\629bd1bf-a728-4cdc-9610-2ec4824cfb09 388 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\e86ca37e-3389-480d-addd-5c6935ca5031 388 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\FR 0 bytes
    File C:\RRbackups\FR\KernelFileDigest.dat 17513 bytes
    File C:\RRbackups\FR\UF 0 bytes
    File C:\RRbackups\FR\UF\boot.ini 211 bytes
    File C:\RRbackups\FR\UF\documents and settings 0 bytes
    File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
    File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 1048576 bytes
    File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
    File C:\RRbackups\FR\UF\NTLDR 250048 bytes
    File C:\RRbackups\FR\UF\WINDOWS 0 bytes
    File C:\RRbackups\FR\UF\WINDOWS\explorer.exe 1033728 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\Fonts 0 bytes
    File C:\RRbackups\FR\UF\WINDOWS\Fonts\mangal.ttf 143864 bytes
    File C:\RRbackups\FR\UF\WINDOWS\Fonts\marlett.ttf 24124 bytes
    File C:\RRbackups\FR\UF\WINDOWS\Fonts\micross.ttf 461672 bytes
    File C:\RRbackups\FR\UF\WINDOWS\Fonts\mvboli.ttf 40500 bytes
    File C:\RRbackups\FR\UF\WINDOWS\Fonts\vgaoem.fon 5168 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32 0 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\advapi32.dll 617472 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\advpack.dll 128512 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\authz.dll 62464 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\autochk.exe 588800 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\basesrv.dll 52736 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\bootvid.dll 12288 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\browseui.dll 1025024 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\chkdsk.exe 11776 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\cmd.exe 389120 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\comctl32.dll 617472 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\comdlg32.dll 276992 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\config 0 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\config\default 262144 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\config\SAM 262144 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\config\SECURITY 262144 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\config\software 25427968 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\config\system 5767168 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\config\userdiff 262144 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\crypt32.dll 599552 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\cryptdll.dll 33280 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\cryptui.dll 512512 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\cscdll.dll 101888 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\csrsrv.dll 33280 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe 6144 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\c_1252.nls 66082 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\c_936.nls 196642 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\dnsapi.dll 149504 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\doskey.exe 10752 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\dpcdll.dll 102912 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers 0 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpi.sys 187776 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpiec.sys 11648 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\afd.sys 138496 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk6.sys 37376 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk7.sys 37760 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\arp1394.sys 60800 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\asyncmac.sys 14336 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmlane.sys 55808 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\beep.sys 4224 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\bridge.sys 71552 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cbidf2k.sys 13952 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdaudio.sys 18688 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdfs.sys 63744 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdrom.sys 62976 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cpqdap01.sys 11776 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\crusoe.sys 36736 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\disk.sys 36352 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\diskdump.sys 14208 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmboot.sys 799744 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmio.sys 153344 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys 5888 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxapi.sys 10496 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxg.sys 71168 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxgthk.sys 3328 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fastfat.sys 143744 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fdc.sys 27392 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fips.sys 44544 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\flpydisk.sys 20480 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fltMgr.sys 129792 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fsvga.sys 12160 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fs_rec.sys 7936 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ftdisk.sys 125056 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidclass.sys 36864 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidparse.sys 24960 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidusb.sys 10368 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\http.sys 265728 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\i8042prt.sys 52480 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\imapi.sys 42112 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\intelppm.sys 36352 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ip6fw.sys 36608 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipfltdrv.sys 32896 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipinip.sys 20864 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipnat.sys 152832 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipsec.sys 75264 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\irenum.sys 11264 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\isapnp.sys 37248 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\kbdclass.sys 24576 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ks.sys 141056 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ksecdd.sys 92928 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mcd.sys 7680 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mf.sys 63744 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\modem.sys 30080 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouclass.sys 23040 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mountmgr.sys 42368 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxdav.sys 180608 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxsmb.sys 456320 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msfs.sys 19072 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msgpc.sys 35072 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mssmbios.sys 15488 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mup.sys 105472 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndis.sys 182656 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndistapi.sys 10496 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndisuio.sys 14592 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndiswan.sys 91520 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndproxy.sys 40960 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbt.sys 162816 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nic1394.sys 61824 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nikedrv.sys 12032 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\npfs.sys 30848 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ntfs.sys 574976 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\null.sys 2944 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkflt.sys 12416 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkfwd.sys 32512 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkipx.sys 88320 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnknb.sys 63232 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkspx.sys 55936 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\oprghdlr.sys 3456 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\p3.sys 42752 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parport.sys 80128 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\partmgr.sys 19712 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parvdm.sys 6784 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pci.sys 68224 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciide.sys 3328 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciidex.sys 24960 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pcmcia.sys 120192 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\processr.sys 35840 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ptilink.sys 17792 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasacd.sys 8832 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasl2tp.sys 51328 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspppoe.sys 41472 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspptp.sys 48384 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspti.sys 16512 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rawwan.sys 34432 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdbss.sys 175744 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpcdd.sys 4224 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpdr.sys 196224 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpwd.sys 139656 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\redbook.sys 57600 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rio8drv.sys 12032 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\riodrv.sys 12032 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\RMCast.sys 203136 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rndismp.sys 30592 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rootmdm.sys 5888 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\scsiport.sys 96384 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sdbus.sys 79232 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cinemst2.sys 262528 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\gm.dls 3440660 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mnmdd.sys 4224 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nmnt.sys 40320 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\psched.sys 69120 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\secdrv.sys 20480 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tosdvd.sys 51712 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serenum.sys 15744 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys 64512 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffdisk.sys 11904 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffp_sd.sys 11008 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sfloppy.sys 11392 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\smclib.sys 14592 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sonydcam.sys 25344 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sr.sys 73472 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\srv.sys 357888 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\stream.sys 49408 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\swenum.sys 4352 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\syntp.sys 177632 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tape.sys 14976 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip.sys 361600 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip6.sys 226880 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdi.sys 19072 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdpipe.sys 12040 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdtcp.sys 21896 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\termdd.sys 40840 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tsbvcap.sys 21376 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tunmp.sys 12288 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\udfs.sys 66048 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\update.sys 384768 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usb8023.sys 12800 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd.sys 25600 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd2.sys 25728 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbd.sys 4736 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbehci.sys 30208 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbhub.sys 59520 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbintel.sys 15872 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbport.sys 144128 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbstor.sys 26368 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbuhci.sys 20608 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vdmindvd.sys 58112 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vga.sys 20992 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\videoprt.sys 81664 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\volsnap.sys 52352 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wanarp.sys 34560 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wmilib.sys 4352 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ws2ifsl.sys 12032 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\duser.dll 304128 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\eventlog.dll 56320 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\faultrep.dll 80384 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\feclient.dll 21504 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\filemgmt.dll 337920 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fldrclnr.dll 87552 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fltlib.dll 16896 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fmifs.dll 16384 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fontext.dll 382976 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fontsub.dll 81920 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\framebuf.dll 9344 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fsusd.dll 81408 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\fwcfg.dll 60416 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\gdi32.dll 286720 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\hal.dll 134400 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\imagehlp.dll 144384 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\imm32.dll 110080 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\iphlpapi.dll 94720 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\kdcom.dll 7040 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\kernel32.dll 989696 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\licdll.dll 423936 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\locale.nls 265948 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\logonui.exe 514560 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\lsasrv.dll 730112 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\lsass.exe 13312 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\lz32.dll 2560 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\l_intl.nls 7046 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42.dll 978944 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42u.dll 974848 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\mmc.exe 1414656 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\mobsync.dll 207360 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msasn1.dll 58880 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msgina.dll 997376 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msimg32.dll 4608 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msprivs.dll 48128 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msv1_0.dll 136192 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msvcp60.dll 413696 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\msvcrt.dll 343040 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\ncobjapi.dll 36352 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\nddeapi.dll 17920 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\netapi32.dll 337408 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\netrap.dll 11776 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\notepad.exe 69120 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\ntdll.dll 718336 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\ntdsapi.dll 67072 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\ntoskrnl.exe 2148864 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\ntsdexts.dll 36864 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\odbc32.dll 249856 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\odbcint.dll 94208 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.dat 4547 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.sig 7208 bytes
    File C:\RRbackups\FR\UF\WINDOWS\system32\ole32.dll 1288192 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\oleacc.dll 220160 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\oleaccrc.dll 20480 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\oleaut32.dll 551936 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\profmap.dll 27648 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\psapi.dll 23040 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\regapi.dll 49664 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\rpcrt4.dll 590848 bytes executable
    File C:\RRbackups\FR\UF\WINDOWS\system32\rpcss.dll 401408 bytes executable

    ---- EOF - GMER 1.0.15 ----
     


  2. yonderwanderer

    yonderwanderer Thread Starter

    Joined:
    Apr 28, 2009
    Messages:
    21
    Bump for help!
     