Potential rootkit/other issues on laptop

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

yonderwanderer

Thread Starter
Joined
Apr 28, 2009
Messages
21
Laptop has been running a bit slowly, and after trying some of the more conventional means to speeding it up, I started running some checks on it. MBAM came up clean, but Spybot picked up a TDSS trojan, which from my understanding is a rootkit. I've attached the requested logs below. Thanks for your help!

HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:36 PM, on 11/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/siriusinternetradio
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111112114409.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\David\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} (RNTProcessManager Control) - https://helpcenter.homestead.com/rnt/rnw/client_files/RNTProcMan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intuitcorp.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 17716 bytes



DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Run by David at 12:48:00 on 2011-11-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2327 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\David\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sirius.com/siriusinternetradio
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111112114409.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\lenovo\lenovo~2\LPMLCHK.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [LCONTROL] "c:\program files\lenovo\atk hotkey\LCONTROL.exe"
mRun: [LFKA] "c:\program files\lenovo\atk hotkey\LFKA.exe"
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\david\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\david\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} - hxxps://helpcenter.homestead.com/rnt/rnw/client_files/RNTProcMan.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuitcorp.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{92716D68-29B0-4FFD-A7B2-2B426E1A9A4E} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ACNotify - ACNotify.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\rwuf02i0.default\
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\afurladvisor.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: afurladvisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 464176]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-28 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2008-10-26 208896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-28 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-28 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-28 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-28 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-28 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-28 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-28 150856]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-26 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-3 645048]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-28 57600]
R3 DCamUSBGene;Integrated Camera;c:\windows\system32\drivers\USBSTK.sys [2008-10-26 173584]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-10-12 26137]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-28 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-28 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-28 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-28 83856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-10-26 38304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-10-12 155152]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2010-1-4 132096]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-28 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-28 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-28 40552]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
.
=============== Created Last 30 ================
.
2011-11-05 23:17:55 -------- d-----w- c:\documents and settings\david\local settings\application data\Solid State Networks
.
==================== Find3M ====================
.
2011-11-19 19:21:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 20:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 20:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 20:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 20:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 20:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 20:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 20:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 20:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 20:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 20:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:05:47 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 14:24:13 36864 ----a-w- C:\nphssb.dll
2011-08-31 14:24:03 45056 ----a-w- c:\windows\system32\HSSICore.dll
2011-08-31 14:24:03 40960 ----a-w- c:\windows\system32\HS_live.ocx
2011-08-31 14:24:03 184320 ----a-w- c:\windows\system32\OESICore.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 12:48:31.64 ===============




Gmer:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-19 14:24:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084
Running: u39r6tnb.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\uwdorkow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DF24C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DF24D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DF2500]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DF2556]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DF24AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DF2484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DF2498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DF24EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DF252C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DF2516]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DF2580]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DF256C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DF2540]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9DF2544 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9DF255A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9DF2570 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9DF2530 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9DF2488 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9DF249C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9DF2584 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B9DF251A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9DF24EE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B9DF24C4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9DF24D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9DF2504 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9DF24B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7C4C380, 0x37DE8D, 0xE8000020]
? C:\DOCUME~1\David\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0FCD
.text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA000A
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0FA6
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA009B
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0080
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FDE
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00CE
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00BD
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0115
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00FA
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0130
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0065
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA00AC
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0040
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00DF
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F80
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00000
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C0003D
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C0002C
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C0001B
.text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0053
.text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0038
.text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0016
.text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0027
.text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00BC0000
.text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00BC0FC3
.text C:\WINDOWS\Explorer.EXE[412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B5001B
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B20000
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B20FA5
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B200A4
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B20089
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B20FC0
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B2003D
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B200DC
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B20F94
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B20101
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B20F5E
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B20F43
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B20058
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B2001B
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B200B5
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B2002C
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\System32\svchost.exe[544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B20F83
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03520FB9
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03520040
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03520FCA
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03520000
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03520F83
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03520FE5
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03520F9E
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [72, 8B] {JB 0xffffffffffffff8d}
.text C:\WINDOWS\System32\svchost.exe[544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03520025
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E60FC8
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E60FD9
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E60038
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E6000C
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E60049
.text C:\WINDOWS\System32\svchost.exe[544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E6001D
.text C:\WINDOWS\System32\svchost.exe[544] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D8000A
.text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 02D70FEF
.text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 02D70FD4
.text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 02D7000A
.text C:\WINDOWS\System32\svchost.exe[544] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 02D7001B
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910F7C
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910F8D
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910FA8
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910FB9
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091005B
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F5A
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910F6B
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F35
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009100CE
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910F24
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910025
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0091008C
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910040
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009100BD
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00900FC3
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0090002F
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900F8D
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900014
.text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0044
.text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0033
.text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FCD
.text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0018
.text C:\WINDOWS\system32\svchost.exe[612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[612] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C10FCD
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F83
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00078
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C0005B
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00039
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C0009D
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F4B
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000DD
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F3A
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F29
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C0004A
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F68
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FCD
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000B8
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF004A
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF009B
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF002F
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0014
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0080
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF006F
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20F8B
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20FA6
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FD2
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FC1
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C2000C
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A002C
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A001B
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790FEF
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00790065
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00790F70
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F81
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790F9E
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790FAF
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790F27
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00790F44
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0079009E
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00790EFB
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007900AF
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00790036
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0079000A
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790F55
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00790FC0
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0079001B
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00790F16
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D001B
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D006C
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0000
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007D0FAF
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007D0051
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007D002C
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007C0F9E
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!system 77C293C7 5 Bytes JMP 007C0033
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007C0011
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007C0FE3
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007C0022
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[888] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E90011
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80093
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80F94
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E8006E
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80FA5
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80FC0
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E800BA
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80F72
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80F3C
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800D5
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E80F21
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80047
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E80F83
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E8002C
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80011
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E80F57
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FDB
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0F8A
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC002C
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0011
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F9B
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FC0
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0047
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB001D
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0F9C
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0FB7
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB000C
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FD2
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\services.exe[1684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\services.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00780FB9
.text C:\WINDOWS\system32\services.exe[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00780FCA
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007700AB
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770090
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770FAC
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770069
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770047
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F80
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F91
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F4A
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F6F
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007700FE
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770058
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007700BC
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FDB
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770036
.text C:\WINDOWS\system32\services.exe[1684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007700ED
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F83
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F94
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\services.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FA5
.text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A0FBC
.text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A0047
.text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A002C
.text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A0FD7
.text C:\WINDOWS\system32\services.exe[1684] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0011
.text C:\WINDOWS\system32\services.exe[1684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\lsass.exe[1696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\lsass.exe[1696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C30014
.text C:\WINDOWS\system32\lsass.exe[1696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C30FDE
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C2007D
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20062
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20047
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FAF
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200B5
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F6D
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F2D
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F3E
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F12
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20098
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\lsass.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C200C6
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0039
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0080
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0FCD
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0065
.text C:\WINDOWS\system32\lsass.exe[1696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF004A
.text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0F9C
.text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FB7
.text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE001D
.text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FD2
.text C:\WINDOWS\system32\lsass.exe[1696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FE3
.text C:\WINDOWS\system32\lsass.exe[1696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\lsass.exe[1696] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00C40FC3
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC005B
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC004A
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC0F7C
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC0F8D
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC008C
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0F3A
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC00A7
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC0F0E
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0EF3
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0F4B
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC0F1F
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F90025
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F90065
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F90014
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F9004A
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F90FA8
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [19, 89]
.text C:\WINDOWS\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F90FC3
.text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F80027
.text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F80016
.text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F80FC1
.text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F80FE3
.text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F80FA6
.text C:\WINDOWS\system32\svchost.exe[1948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F80FD2
.text C:\WINDOWS\system32\svchost.exe[1948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F7000A
.text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB001E
.text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0045
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F50
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F61
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FA8
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0073
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F2B
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0EEE
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F09
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00A2
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0F8D
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FDE
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0056
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0014
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F1A
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20F91
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C2004E
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C2003D
.text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10027
.text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10F9C
.text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FD2
.text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FB7
.text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FE3
.text C:\WINDOWS\system32\svchost.exe[2024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\SearchIndexer.exe[2492] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[3672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80000
.text C:\WINDOWS\System32\svchost.exe[3672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F8001B
.text C:\WINDOWS\System32\svchost.exe[3672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F6F
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F7006E
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F94
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70FA5
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70036
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700AB
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F7009A
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700DA
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F37
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700EB
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70047
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70FDE
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70089
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70025
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70014
.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F48
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F6002C
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6007D
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60011
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6006C
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60000
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60051
.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50025
.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F5000A
.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FB5
.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FA4
.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FD2
.text C:\WINDOWS\System32\svchost.exe[3672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A60A0D20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 46749 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 15600 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\629bd1bf-a728-4cdc-9610-2ec4824cfb09 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\e86ca37e-3389-480d-addd-5c6935ca5031 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\enroll.ini 26 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\404b466b6bfefd5de0c0a19f33336d46_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 1753 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4a83060920cae32caf902bed48d1fdd9_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 58 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\94348ade95b67e8f2e884ed7b348b833_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 59 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 893 bytes
File C:\RRbackups\Documents and Settings\David 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution\encobject.dat 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution\enroll.ini 32 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\146482325737612d5fbcd71839d49d49_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 50 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\6b29ae44e85efac3c72ff4d1865d73f1_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 53 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\83aa4cc77f591dfc2374580bbd95f6ba_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 45 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\8f71098770f72c7a67cd8f1151619865_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 54 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\adeb89ff2937a9e80129150f89620a82_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 46 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3106106572-3497180873-3676298187-1005\ba8f712c43fd8d5f5868f7b4f8810b80_06f46eb9-f4d1-4877-be67-f6b80ccae8e0 1282 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\629bd1bf-a728-4cdc-9610-2ec4824cfb09 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\e86ca37e-3389-480d-addd-5c6935ca5031 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\09608543-522c-407a-961f-7d504d5f659b 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\0efa761f-3219-432c-b71f-24d3649f99e3 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\3418d27b-37fb-4533-9dab-b86d52edfb9b 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\3af62701-295e-4f22-9e45-97103d15df62 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\52ab6384-a368-47f6-b000-2a1c887ce3e5 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\5df9b9d6-14ea-4792-b9b4-61535e4a4029 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\6269122e-bd6d-48df-943f-ebbf2916f8cf 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\71a64068-c024-41f3-8a26-5c09fa767db1 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\86c775de-6258-4566-95e5-c79e869c3d45 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\9dc73b65-89f5-4a53-adaf-149091bede23 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\9e48b52a-344b-43b1-89d7-a8cf35fa95f1 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\de567267-80d8-4048-93fa-c316cd137e01 388 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\Protect\S-1-5-21-3106106572-3497180873-3676298187-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\David\Application Data\Microsoft\SystemCertificates\Request\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\629bd1bf-a728-4cdc-9610-2ec4824cfb09 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-153372901-636969514-2431338553-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\e86ca37e-3389-480d-addd-5c6935ca5031 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2993133794-2104705967-768765647-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 17513 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 211 bytes
File C:\RRbackups\FR\UF\documents and settings 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 1048576 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250048 bytes
File C:\RRbackups\FR\UF\WINDOWS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\Fonts 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\advpack.dll 128512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\config 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\default 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SAM 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\software 25427968 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\system 5767168 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\crypt32.dll 599552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrsrv.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\dnsapi.dll 149504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidusb.sys 10368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\http.sys 265728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ksecdd.sys 92928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxsmb.sys 456320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mup.sys 105472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndistapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndproxy.sys 40960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\srv.sys 357888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\syntp.sys 177632 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip6.sys 226880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbport.sys 144128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbstor.sys 26368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbuhci.sys 20608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vdmindvd.sys 58112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vga.sys 20992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\videoprt.sys 81664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\volsnap.sys 52352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wanarp.sys 34560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wmilib.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ws2ifsl.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\duser.dll 304128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\eventlog.dll 56320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\faultrep.dll 80384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\feclient.dll 21504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\filemgmt.dll 337920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fldrclnr.dll 87552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fltlib.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fmifs.dll 16384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fontext.dll 382976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fontsub.dll 81920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\framebuf.dll 9344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fsusd.dll 81408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fwcfg.dll 60416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\gdi32.dll 286720 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\hal.dll 134400 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\imagehlp.dll 144384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\imm32.dll 110080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\iphlpapi.dll 94720 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\kdcom.dll 7040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\kernel32.dll 989696 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\licdll.dll 423936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\locale.nls 265948 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\logonui.exe 514560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lsasrv.dll 730112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lsass.exe 13312 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lz32.dll 2560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\l_intl.nls 7046 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42.dll 978944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42u.dll 974848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mmc.exe 1414656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mobsync.dll 207360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msasn1.dll 58880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msgina.dll 997376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msimg32.dll 4608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msprivs.dll 48128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msv1_0.dll 136192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msvcp60.dll 413696 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ncobjapi.dll 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\nddeapi.dll 17920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\netapi32.dll 337408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\netrap.dll 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\notepad.exe 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntdll.dll 718336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntdsapi.dll 67072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntoskrnl.exe 2148864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntsdexts.dll 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\odbc32.dll 249856 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\odbcint.dll 94208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.dat 4547 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.sig 7208 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\ole32.dll 1288192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleacc.dll 220160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleaccrc.dll 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleaut32.dll 551936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\profmap.dll 27648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\psapi.dll 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\regapi.dll 49664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rpcrt4.dll 590848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rpcss.dll 401408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rsaenh.dll 208384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rundll32.exe 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\samlib.dll 64000 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\samsrv.dll 415744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\scesrv.dll 314880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\secupd.dat 4569 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\secupd.sig 7208 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\services.exe 110592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\setupapi.dll 985088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sfc.dll 5120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sfc_os.dll 140288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shdocvw.dll 1499136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shell32.dll 8462336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shfolder.dll 25088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shgina.dll 68096 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shlwapi.dll 474112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shsvcs.dll 135168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\smss.exe 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sortkey.nls 262148 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\sorttbls.nls 23044 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\svchost.exe 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sxs.dll 713216 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\umpnpmgr.dll 123392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\unicode.nls 89588 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\usbmon.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ctype.nls 8386 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\ftsrch.dll 176128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mpr.dll 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.bin 13107200 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\secur32.dll 56832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\usbui.dll 74240 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\user32.dll 578560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\userenv.dll 727040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\userinit.exe 26112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\uxtheme.dll 218624 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\version.dll 18944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\vga.dll 9344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\vga.drv 2176 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\watchdog.sys 17664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\win32k.sys 1858944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wininet.dll 916480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winlogon.exe 507904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winmm.dll 176128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winspool.drv 146432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winspool.exe 2112 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\winsrv.dll 293376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winsta.dll 53760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winstrm.dll 18944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wintrust.dll 178176 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wldap32.dll 172032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ws2help.dll 19968 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ws2_32.dll 82432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wsock32.dll 22528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest 1862 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest 500 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 7236 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat 7431 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest 397 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1187 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1883 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 625 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
File C:\RRbackups\FR\UpdatingFiles.dat 17 bytes

---- EOF - GMER 1.0.15 ----
 

Attachments

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top