Various computer problems... Hijack this log
I am new to this forum so let me know if I have forgotten to include anything.
My computer has been running a lot more slowly than usual. Programs tend to lock up a lot (especially Internet Explorer). It seems that my memory is very low for some reason, even when I do not have much open. (I am attaching a screen shot).
I have had a couple pop-ups saying a Trojan had been detected and removed. Could have been from Windows Defender or McAfee Security Center... I'm sorry but I do not remember which one. I did have uTorrent on my computer but I uninstalled it.
sfc /scannow says there are corrupt files that it cannot fix. I cannot get chkdsk to run without using the Vista installation CD. Every time I schedule it to run at reboot, it does not run. I have reformatted and reinstalled the OS since the first time this happened with chkdsk... still no luck.
Dell PC Tuneup tells me there are hard drive errors and to run chkdsk every time I run it.
I have scanned with McAfee Security Center and Windows Defender and it finds nothing.
I do own this computer. I am the administrator.
I am running Windows Vista Home Premium on a Dell Inspiron 1720 laptop.
Here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:52 PM, on 11/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra 'Tools' menuitem: CafeMom Toolbar - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C8E7CBFB-9F2E-42C7-B4CB-D4B7FC89A363} (Gather Photo Uploader Control) - http://www.gather.com/imageuploader/GatherUploader5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0007421227543704) (0007421227543704mcinstcleanup) - Unknown owner - C:\Windows\TEMP\000742~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12588 bytes
I would appreciate any help with these problems.
Thanks,
Monica
bamajim
November 26th, 2008 06:00
Getting hard drive errors is not a good thing; it could be a sign of a failing hard drive.
We can check for infections; if they come up clean, then it may mean a visit to the shop.
Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
monicav
November 26th, 2008 11:00
Hi bamajim,
Thanks for the response. I downloaded and installed Malwarebytes' Anti-Malware per your instructions, and ran a quick scan. Here is the log from the scan.
Malwarebytes' Anti-Malware 1.30
Database version: 1425
Windows 6.0.6001 Service Pack 1
11/26/2008 2:26:32 PM
mbam-log-2008-11-26 (14-26-32).txt
Scan type: Quick Scan
Objects scanned: 48488
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
bamajim
November 26th, 2008 13:00
You are most welcome.
If the exe key was borked in the Registry, that could cause a number of problems.
Let's do this to make sure it's o.k. This tool will produce a longer log.
Go HERE and download System Repair Engineer by smallfrogs
Select local download
Right-click sreng2.zip ->> Extract all ->> Extract it to your desktop
Open the sreng folder
Double-click SREngPS.exe ->> Click Run
At the main window, in the left pane, select Smart Scan
At the next window make sure all of the boxes are checked and select Scan
When the scan is complete, select Save reports
Save it to your desktop and close the tool
Double-click SREngLog.txt, then copy and paste that log as a reply to this thread
Do not run any other options with this tool unless instructed to do so.
monicav
November 26th, 2008 15:00
Here is the System Repair Engineer log, thanks again.
bamajim
November 28th, 2008 05:00
Rerun SRE2
In the right pane, under the "File Associations" tab
Place checks in the boxes beside
.VBS Error. [NOTEPAD.EXE %1]
.JS Error. [NOTEPAD.EXE %1]
And Select the Repair button
After you do so the errors should be gone and the 2 checked items should read Normal or O.K.
If all went well, close SRE2, reboot your PC ->> Rerun HijackThis and post a fresh HijackThis log. If the errors persist, then reply.
monicav
November 30th, 2008 15:00
I followed your instructions, and repaired the .VBS Error. [NOTEPAD.EXE %1] and .JS Error. [NOTEPAD.EXE %1], and they now both say normal.
There are 2 other things that say error. I did not repair them, because you only said to repair the two. I just left them.
They are: .REG NOTEPAD.EXE 1% AND .SCR NOTEPAD.EXE 1%
Here is the fresh HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:38 PM, on 11/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra 'Tools' menuitem: CafeMom Toolbar - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C8E7CBFB-9F2E-42C7-B4CB-D4B7FC89A363} (Gather Photo Uploader Control) - http://www.gather.com/imageuploader/GatherUploader5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0108721227797665) (0108721227797665mcinstcleanup) - Unknown owner - C:\Windows\TEMP\010872~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12433 bytes
bamajim
December 1st, 2008 06:00
"There are 2 other things that say error. I did not repair them, because you only said to repair the two. I just left them.
They are: .REG NOTEPAD.EXE 1% AND .SCR NOTEPAD.EXE 1%"
If those errors are there, then rerun SRE2 and fix those using the instructions to correct the other error. Then reply with the results.
monicav
December 1st, 2008 07:00
I repaired them, and they both said normal afterward, so I closed SRE2. I opened it again a few minutes later just to make sure they still said normal, and now these 4 all say error again:
.REG NOTEPAD.EXE %
.SCR NOTEPAD.EXE %
.VBS NOTEPAD.EXE %
.JS NOTEPAD.EXE %
(The same 4 as before)
I ran another smart scan on SRE2 after seeing the four errors there again; here is the log from that.
Here is a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:07 AM, on 12/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra 'Tools' menuitem: CafeMom Toolbar - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C8E7CBFB-9F2E-42C7-B4CB-D4B7FC89A363} (Gather Photo Uploader Control) - http://www.gather.com/imageuploader/GatherUploader5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0225291228142403) (0225291228142403mcinstcleanup) - Unknown owner - C:\Windows\TEMP\022529~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12860 bytes
Thanks for all your help!
-Monica
bamajim
10.4K Posts
December 1st, 2008 09:00
We have to get the errors related to .exe files fixed before we can do anything else.
Did you say you reloaded the OS and still have the same issue?
We may have to uninstall some programs you have until we get this fixed, but for now:
Download gmer from HERE
Right-click->>Extract All->>and extract it to your Desktop
Open the gmer folder->>Double click the gmer.exe to run it
Select the rootkit tab, press the "Scan" button
Make sure the "Show all" box is NOT checked
When it finishes, select "Copy"
Copy and paste that log as a reply to this thread
monicav
7 Posts
December 1st, 2008 10:00
Okay, thanks. Yes, I have reformatted and reinstalled the OS twice since I've had the laptop... and I haven't had it long.
Here is the gmer log:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-01 13:25:26
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x906189BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x90618958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9061896C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x906189FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x90618A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x90618930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x90618944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x906189D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x90618A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x90618A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x906189AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x90618996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x90618A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x90618A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x906189E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x90618982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 8203118C 5 Bytes JMP 906189EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 821CB17C 5 Bytes JMP 90618A43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 821D2DCA 5 Bytes JMP 90618986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 821ECF80 5 Bytes JMP 90618A2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8220C1DC 5 Bytes JMP 90618948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 8221BB18 5 Bytes JMP 90618934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8222E74E 7 Bytes JMP 90618A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8222EDA5 5 Bytes JMP 90618A16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82230FB6 5 Bytes JMP 906189C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 8223E674 5 Bytes JMP 9061899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 822408CE 7 Bytes JMP 906189D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8225F452 5 Bytes JMP 90618A57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8226049E 5 Bytes JMP 90618A6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 8229E1C1 5 Bytes JMP 9061895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8229E20C 7 Bytes JMP 90618970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 8229ECCB 5 Bytes JMP 906189AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!GetStartupInfoW 77661929 5 Bytes JMP 006C0082
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!GetStartupInfoA 776619C9 5 Bytes JMP 006C0F46
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreateProcessW 77661C01 5 Bytes JMP 006C0F06
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreateProcessA 77661C36 5 Bytes JMP 006C009D
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!VirtualProtect 77661DD1 5 Bytes JMP 006C0F8D
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreateNamedPipeW 77665C44 5 Bytes JMP 006C0036
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!LoadLibraryExW 776830C3 5 Bytes JMP 006C0F9E
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!LoadLibraryW 7768361F 5 Bytes JMP 006C0FCA
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!VirtualProtectEx 77688D7E 5 Bytes JMP 006C0F7C
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!LoadLibraryExA 77689469 5 Bytes JMP 006C0FAF
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!LoadLibraryA 77689491 5 Bytes JMP 006C0047
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreatePipe 77690284 5 Bytes JMP 006C0F57
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!GetProcAddress 776AB8B6 5 Bytes JMP 006C0EF5
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreateFileW 776ACC4E 5 Bytes JMP 006C0011
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreateFileA 776ACF71 5 Bytes JMP 006C0000
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!CreateNamedPipeA 776F41F6 5 Bytes JMP 006C0FE5
.text C:\Windows\system32\svchost.exe[376] kernel32.dll!WinExec 776F53E7 5 Bytes JMP 006C0F17
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyExA 774AB5E7 5 Bytes JMP 006B0FA5
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyA 774AB8AE 5 Bytes JMP 006B002C
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyA 774B0BF5 5 Bytes JMP 006B0FE5
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyW 774BB83D 5 Bytes JMP 006B0047
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyExW 774BBCE1 5 Bytes JMP 006B0F8A
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyExA 774BD4E8 5 Bytes JMP 006B0FC0
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyW 774C3CB0 5 Bytes JMP 006B0000
.text C:\Windows\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyExW 774CF09D 5 Bytes JMP 006B001B
.text C:\Windows\system32\svchost.exe[376] WS2_32.dll!socket 765236D1 5 Bytes JMP 00190FEF
.text C:\Windows\system32\services.exe[684] kernel32.dll!GetStartupInfoW 77661929 5 Bytes JMP 00D6008A
.text C:\Windows\system32\services.exe[684] kernel32.dll!GetStartupInfoA 776619C9 5 Bytes JMP 00D60079
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateProcessW 77661C01 5 Bytes JMP 00D600B6
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateProcessA 77661C36 5 Bytes JMP 00D600A5
.text C:\Windows\system32\services.exe[684] kernel32.dll!VirtualProtect 77661DD1 5 Bytes JMP 00D60F5F
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateNamedPipeW 77665C44 5 Bytes JMP 00D60FB2
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryExW 776830C3 5 Bytes JMP 00D60043
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryW 7768361F 5 Bytes JMP 00D60FA1
.text C:\Windows\system32\services.exe[684] kernel32.dll!VirtualProtectEx 77688D7E 5 Bytes JMP 00D6005E
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryExA 77689469 5 Bytes JMP 00D60F86
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryA 77689491 5 Bytes JMP 00D60028
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreatePipe 77690284 5 Bytes JMP 00D60F4E
.text C:\Windows\system32\services.exe[684] kernel32.dll!GetProcAddress 776AB8B6 5 Bytes JMP 00D600D1
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateFileW 776ACC4E 5 Bytes JMP 00D60FDE
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateFileA 776ACF71 5 Bytes JMP 00D60FEF
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateNamedPipeA 776F41F6 5 Bytes JMP 00D60FC3
.text C:\Windows\system32\services.exe[684] kernel32.dll!WinExec 776F53E7 5 Bytes JMP 00D60F29
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyExA 774AB5E7 5 Bytes JMP 00980FC0
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyA 774AB8AE 5 Bytes JMP 00980062
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyA 774B0BF5 5 Bytes JMP 00980000
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyW 774BB83D 5 Bytes JMP 00980FD1
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyExW 774BBCE1 5 Bytes JMP 0098007D
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyExA 774BD4E8 5 Bytes JMP 0098002C
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyW 774C3CB0 5 Bytes JMP 0098001B
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyExW 774CF09D 5 Bytes JMP 0098003D
.text C:\Windows\system32\services.exe[684] WS2_32.dll!socket 765236D1 5 Bytes JMP 00960000
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetStartupInfoW 77661929 5 Bytes JMP 00720082
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetStartupInfoA 776619C9 5 Bytes JMP 00720067
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessW 77661C01 5 Bytes JMP 00720EF5
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessA 77661C36 5 Bytes JMP 00720F10
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtect 77661DD1 5 Bytes JMP 00720038
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeW 77665C44 5 Bytes JMP 00720FAF
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 776830C3 5 Bytes JMP 00720F5E
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 7768361F 5 Bytes JMP 00720F79
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 77688D7E 5 Bytes JMP 00720F4D
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExA 77689469 5 Bytes JMP 00720011
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 77689491 5 Bytes JMP 00720F94
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreatePipe 77690284 5 Bytes JMP 00720F32
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetProcAddress 776AB8B6 5 Bytes JMP 007200A7
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateFileW 776ACC4E 5 Bytes JMP 00720000
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateFileA 776ACF71 5 Bytes JMP 00720FE5
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeA 776F41F6 5 Bytes JMP 00720FCA
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WinExec 776F53E7 5 Bytes JMP 00720F21
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 774AB5E7 5 Bytes JMP 0014007D
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 774AB8AE 5 Bytes JMP 00140047
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 774B0BF5 5 Bytes JMP 00140000
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 774BB83D 5 Bytes JMP 00140062
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 774BBCE1 5 Bytes JMP 0014008E
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 774BD4E8 5 Bytes JMP 0014002C
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 774C3CB0 5 Bytes JMP 0014001B
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 774CF09D 5 Bytes JMP 00140FDB
.text C:\Windows\system32\lsass.exe[700] WS2_32.dll!socket 765236D1 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetStartupInfoW 77661929 5 Bytes JMP 00220F74
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetStartupInfoA 776619C9 5 Bytes JMP 002200BA
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateProcessW 77661C01 5 Bytes JMP 00220F41
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateProcessA 77661C36 5 Bytes JMP 00220F52
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!VirtualProtect 77661DD1 5 Bytes JMP 00220084
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeW 77665C44 5 Bytes JMP 00220036
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryExW 776830C3 5 Bytes JMP 00220073
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryW 7768361F 5 Bytes JMP 00220FCA
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!VirtualProtectEx 77688D7E 5 Bytes JMP 00220095
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryExA 77689469 5 Bytes JMP 00220062
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryA 77689491 5 Bytes JMP 00220051
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreatePipe 77690284 5 Bytes JMP 00220F8F
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetProcAddress 776AB8B6 5 Bytes JMP 002200E9
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateFileW 776ACC4E 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateFileA 776ACF71 5 Bytes JMP 00220FE5
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeA 776F41F6 5 Bytes JMP 00220025
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!WinExec 776F53E7 5 Bytes JMP 00220F63
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExA 774AB5E7 5 Bytes JMP 0021002F
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyA 774AB8AE 5 Bytes JMP 00210FA8
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyA 774B0BF5 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyW 774BB83D 5 Bytes JMP 00210F8D
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExW 774BBCE1 5 Bytes JMP 00210F7C
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExA 774BD4E8 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyW 774C3CB0 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExW 774CF09D 5 Bytes JMP 00210FC3
.text C:\Windows\system32\svchost.exe[840] WS2_32.dll!socket 765236D1 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetStartupInfoW 77661929 5 Bytes JMP 00390F50
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetStartupInfoA 776619C9 5 Bytes JMP 00390096
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessW 77661C01 5 Bytes JMP 00390F21
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessA 77661C36 5 Bytes JMP 003900B8
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!VirtualProtect 77661DD1 5 Bytes JMP 00390F75
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateNamedPipeW 77665C44 5 Bytes JMP 00390FC3
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 776830C3 5 Bytes JMP 0039004F
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryW 7768361F 5 Bytes JMP 00390F97
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!VirtualProtectEx 77688D7E 5 Bytes JMP 0039006A
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryExA 77689469 5 Bytes JMP 00390F86
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryA 77689491 5 Bytes JMP 00390FB2
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreatePipe 77690284 5 Bytes JMP 00390085
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetProcAddress 776AB8B6 5 Bytes JMP 00390F10
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateFileW 776ACC4E 5 Bytes JMP 00390FE5
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateFileA 776ACF71 5 Bytes JMP 00390000
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\BTHUSB \Device\00000085 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1def98d
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1def98d
---- EOF - GMER 1.0.14 ----
bamajim
10.4K Posts
December 1st, 2008 14:00
O.K. We are going to have to Uninstall and Remove McAfee.
If you have a paid-for version with a product key, you can reload it when we are finished.
1. Go HERE and Download the McAfee Removal tool and save it to your Desktop (BUT DO NOT RUN IT YET)
2. Uninstall McAfee
Click Start (the Vista Icon) ->> Control Panel ->> Programs and Features ->> Highlight and uninstall McAfee.
Close Programs and Features
3. Run (Double Click to run) the McAfee Removal Tool that you saved to your Desktop earlier.
4. Reboot your PC ->> ReRun SRE2 and fix those errors we had previously. Close SRE2 ->> Reboot your PC ->> Rerun SRE2 and see if the errors stay fixed.
Reply with the results
monicav
7 Posts
December 1st, 2008 17:00
I hate to tell you this after all the time you have spent helping me, but today my computer randomly gave me a blue screen error twice out of nowhere, so I wiped it clean and reinstalled the OS.
It appears to be working fine now... but I am wondering whether I need to do all of the steps you gave me over again to check things, or would the fresh reinstall have removed the problems we found while checking? I reformatted and everything - fresh start.
Thanks for all your help
Monica
bamajim
10.4K Posts
December 2nd, 2008 05:00
Monica
A clean re-install may be the best thing in the long run. I was curious why the clean install did not work the first time.
Nevertheless, my previous instructions are not necessary. I would recommend that when you reload your programs you do them one at a time, and make note of any problems as you re-install them, so that if there is a problem, it can be isolated.
surf safe