
Help with computer slow-down and possible infections.

Hello,

I have 3 kids that have been using my computer, for anything from gaming to downloading music etc.

I have noticed that my computer has slowed down, and I get a lot of the fake alert notices that my computer is infected...blah, blah blah.

I do use McAfee virus and firewall. I do scan with Malwarebytes. I do use CCleaner, and try to keep disk defragged.

Thank you very much for your help.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ken Henrikson at 18:48:04.31 on Sun 03/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2317 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Ken Henrikson\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110112071253.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265501466609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265566893765
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kenhen~1\applic~1\mozilla\firefox\profiles\ovu13fza.default\
FF - prefs.js: browser.startup.homepage - hxxp://msnmember.msn.com/
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\ken henrikson\application data\mozilla\firefox\profiles\ovu13fza.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\ken henrikson\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-12 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-12 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-12 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-12 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-12 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-12 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-12 141792]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-2-28 53032]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-12 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-12 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-12 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-12 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-12 88544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-2-6 993280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-6-23 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-6-23 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-6-23 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\kenhen~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\kenhen~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-12 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-12 84264]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-22 39456]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-6-23 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-6-23 1120752]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-11 23:01:22 -------- d-----w- c:\program files\Firaxis Games
2011-03-09 04:07:41 -------- d-----w- c:\windows\system32\????ocuments and Settings
2011-03-07 20:23:17 -------- d-----w- c:\windows\system32\??
2011-02-26 22:13:38 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-02-26 22:13:34 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-02-26 22:13:08 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-02-26 22:12:46 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-02-26 22:12:46 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-02-26 22:12:45 966656 ----a-r- c:\windows\system32\hpost_p02c.dll
2011-02-26 22:12:45 712704 ----a-r- c:\windows\system32\hposwia_p02c.dll
2011-02-26 22:12:45 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2011-02-26 22:07:55 -------- d-----w- c:\program files\common files\HP
2011-02-26 19:02:58 -------- d-----w- c:\program files\Cisco Systems
2011-02-26 18:54:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems
.
==================== Find3M ====================
.
2011-03-07 03:42:07 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-03-07 03:42:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-03-07 03:41:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-03-05 19:10:28 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-05 19:10:28 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-27 12:43:56 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-16 17:59:04 138056 -c--a-w- c:\docume~1\kenhen~1\applic~1\PnkBstrK.sys
2011-01-16 17:58:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:48:31.48 ===============

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-13 19:00:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3500410AS rev.CC34
Running: gmer.exe; Driver: C:\DOCUME~1\KENHEN~1\LOCALS~1\Temp\kwldqpod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB7EAF0E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7EAF0F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7EAF120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7EAF176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB7EAF0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7EAF0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7EAF0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB7EAF10A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB7EAF14C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB7EAF136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7EAF1A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7EAF18C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7EAF160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B7EAF164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70CA3A0, 0x59FFE5, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB4A97280]
? C:\DOCUME~1\KENHEN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF009A
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0089
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0062
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0040
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F59
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F74
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00EB
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F48
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00FC
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0051
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF00AB
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0025
.text C:\WINDOWS\Explorer.EXE[468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00C6
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0014
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0051
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BE0040
.text C:\WINDOWS\Explorer.EXE[468] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0025
.text C:\WINDOWS\Explorer.EXE[468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D4005A
.text C:\WINDOWS\Explorer.EXE[468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FCF
.text C:\WINDOWS\Explorer.EXE[468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40038
.text C:\WINDOWS\Explorer.EXE[468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40000
.text C:\WINDOWS\Explorer.EXE[468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40049
.text C:\WINDOWS\Explorer.EXE[468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D40011
.text C:\WINDOWS\Explorer.EXE[468] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C20000
.text C:\WINDOWS\Explorer.EXE[468] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\Explorer.EXE[468] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\Explorer.EXE[468] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00C20FC3
.text C:\WINDOWS\Explorer.EXE[468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C00022
.text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F5B
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0050
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF003F
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F80
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0F9B
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0086
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0075
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00C3
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00B2
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00D4
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0022
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F4A
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0097
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F83
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30042
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FC1
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30FE3
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FD2
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3001D
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FDB
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60011
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50089
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50078
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50F9E
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50FAF
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B5002C
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B500D2
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B500B5
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50F4D
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50F5E
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50F28
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50047
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B5009A
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50FC0
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FD1
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50F79
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40FBC
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40028
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40FCD
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B40F75
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B40F90
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D4, 88] {AAM 0x88}
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B40FA1
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70075
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B7005A
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B7002E
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B7003F
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70011
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01CD0000
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01CD0022
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01CD0011
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01CC0000
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01CC0F99
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01CC008E
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01CC007D
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01CC006C
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01CC0FCA
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01CC00D5
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01CC00C4
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01CC010B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01CC00F0
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01CC011C
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01CC005B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01CC0FDB
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01CC00B3
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01CC0036
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01CC001B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01CC0F72
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01CB0FAF
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01CB0062
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01CB000A
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01CB0FD4
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01CB0051
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01CB0FEF
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01CB0036
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01CB001B
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010C006C
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010C0000
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010C0051
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010C0040
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010B004A
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!system 77C293C7 5 Bytes JMP 010B0FB5
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010B0FC6
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010B0000
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010B0025
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010B0FD7
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\svchost.exe[2324] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[2324] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[2324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F92
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0FA3
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA007D
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA006C
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F55
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F66
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F29
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA00B8
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA00DD
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F77
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F3A
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90054
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F8D
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C90FA8
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP C89FEDE5
.text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[2324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FBC
.text C:\WINDOWS\system32\svchost.exe[2324] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C8003D
.text C:\WINDOWS\system32\svchost.exe[2324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C8001B
.text C:\WINDOWS\system32\svchost.exe[2324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[2324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C8002C
.text C:\WINDOWS\system32\svchost.exe[2324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FE3
.text C:\WINDOWS\System32\svchost.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\System32\svchost.exe[2584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F80014
.text C:\WINDOWS\System32\svchost.exe[2584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70069
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70058
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F74
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70F91
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7002C
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F3C
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70084
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700CB
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700B0
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700DC
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F7003D
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70011
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F59
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70FC0
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FDB
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F7009F
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60011
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60051
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60000
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60F9E
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60FAF
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F6002C
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F5004B
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50029
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F5003A
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[2584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs InCDRec.sys (Nero InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4700 series@ChangeID 6469953

---- EOF - GMER 1.0.15 ----



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:01:13 PM, on 3/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Ken Henrikson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Msn Member | MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110112071253.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265501466609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1265566893765
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\KENHEN~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

--
End of file - 8217 bytes
 

#2 ·
Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Execute this also,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

For AVG antivirus and anti-spyware security software users only.
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe. Go to their homepage and you will see they have support for removal of other AVs as well: AVG appremover tool.
Please post the logs and let me know what problem persists.
 