View Full Version : Update Issues
tiosimon
2009-03-29, 19:00
HI Shaba.
:sad::sad:Please accept my apologise, for not getting back to you, i was trying to put a reply in but couldn't find my post's. i found them in the Archive forum.
i have run two scans with gmer but each time i kept getting an error message saying "A problem has occured and gmer needs to close, windows will now search for a solution". (or something like that).
I will give it another try in the meantime.
thanx
Si.
http://forums.spybot.info/showpost.php?p=300578&postcount=14
tiosimon
2009-03-30, 10:35
Hello.
I managed to run another scan, and it worked!!!!!!! Here is the gmer results.
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-29 22:47:58
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9DE17FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9DE1825]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9DE184D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9DE180F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9DE17E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9DE1863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9DE1839]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 81C3BC26 5 Bytes JMP A9DE183D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 81E053CB 7 Bytes JMP A9DE1813 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 81E124C0 5 Bytes JMP A9DE1867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 81E12849 7 Bytes JMP A9DE1851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 81E1D078 5 Bytes JMP A9DE17FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 81E21FDB 5 Bytes JMP A9DE17EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 81E912A5 5 Bytes JMP A9DE1829 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Please see nxt post as it was telling me that the txt was too long. CONT...........
tiosimon
2009-03-30, 11:08
.................CONT
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 003600A6
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00360F60
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00360F3B
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 003600C8
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00360070
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 0036003D
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 0036005F
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 0036004E
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00360081
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00360FA2
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00360FD1
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00360F71
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 003600E3
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00360011
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00360000
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 0036002C
.text C:\Windows\system32\services.exe[664] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 003600B7
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00370F94
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00370FCA
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00370000
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00370FAF
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00370F79
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00370FE5
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 0037001B
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 0037002C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00400055
.text C:\Windows\system32\services.exe[664] msvcrt.dll!system 778E8B63 5 Bytes JMP 00400044
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00400FEF
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 0040000C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00400FD4
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 0040001D
.text C:\Windows\system32\services.exe[664] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00720F3C
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00720082
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 007200C2
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00720F2B
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00720F61
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 0072000A
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00720F72
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 00720025
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 0072004C
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00720F8D
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00720F9E
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00720071
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00720F10
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00720FD4
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00720FE5
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00720FB9
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 007200A7
.text C:\Windows\system32\svchost.exe[684] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00780042
.text C:\Windows\system32\svchost.exe[684] msvcrt.dll!system 778E8B63 5 Bytes JMP 00780027
.text C:\Windows\system32\svchost.exe[684] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00780FC8
.text C:\Windows\system32\svchost.exe[684] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 0078000C
.text C:\Windows\system32\svchost.exe[684] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00780FB7
.text C:\Windows\system32\svchost.exe[684] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00780FE3
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00730036
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00730F9E
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00730FEF
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00730025
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00730F83
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 0073000A
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00730FDE
.text C:\Windows\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00730FB9
.text C:\Windows\system32\svchost.exe[684] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00710FEF
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 001D009D
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 001D0F57
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 001D00CC
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 001D0F2B
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 001D0064
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 001D0F8A
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 001D0F9B
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 001D0F79
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 001D003D
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 001D002C
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 001D0F68
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 001D0F10
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 001D000A
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 001D001B
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 001D0F3C
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 004F0F94
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 004F0FB9
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 004F0000
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 004F0040
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 004F005B
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 004F0FE5
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 004F0011
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 004F0FCA
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00500F8B
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!system 778E8B63 5 Bytes JMP 00500F9C
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00500FD2
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00500000
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00500FB7
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00500FE3
.text C:\Windows\system32\lsass.exe[688] WS2_32.dll!socket 768A36D1 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 001F0071
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 001F0060
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 001F0EF5
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 001F0F06
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 001F0F50
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 001F0F61
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 001F0F83
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 001F0F3F
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 001F0F72
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 001F0F9E
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 001F0045
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 001F0EDA
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 001F0FCA
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 001F0082
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 006D0062
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!system 778E8B63 5 Bytes JMP 006D0047
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 006D0011
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 006D0FEF
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 006D002C
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 006D0000
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 006C002F
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 006C0F9E
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 006C0FE5
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 006C0F8D
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 006C0F72
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 006C0FC0
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 006C0000
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 006C0FAF
.text C:\Windows\system32\svchost.exe[888] WS2_32.dll!socket 768A36D1 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 007D00D0
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 007D00B5
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 007D00EB
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 007D0F54
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 007D0F94
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 007D0FC3
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 007D006E
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 007D0040
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 007D0089
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 007D0051
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 007D002F
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 007D009A
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 007D0F43
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 007D0FEF
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 007D0000
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 007D0FD4
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 007D0F6F
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 007F0F84
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!system 778E8B63 5 Bytes JMP 007F0F95
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 007F0FC1
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 007F0FEF
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 007F0FA6
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 007F0FD2
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 007E0051
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 007E002C
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 007E0FEF
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 007E0FAF
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 007E0F8A
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 007E0FD4
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 007E001B
.text C:\Windows\system32\svchost.exe[948] WS2_32.dll!socket 768A36D1 5 Bytes JMP 006E0FEF
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00FB00C9
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00FB0F83
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00FB00FF
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00FB0F68
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00FB0FA5
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00FB0025
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00FB0073
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 00FB0047
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00FB00A4
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00FB0062
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00FB0036
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00FB0F94
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00FB0124
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00FB000A
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00FB0FEF
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00FB0FD4
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00FB00E4
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00FD0F9C
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!system 778E8B63 5 Bytes JMP 00FD001D
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00FD0FC8
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00FD0FE3
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00FD0FAD
.text C:\Windows\System32\svchost.exe[984] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00FD000C
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00FC0051
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00FC0FC0
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00FC0000
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00FC0FAF
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00FC0F94
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00FC0FD1
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00FC0011
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00FC002C
.text C:\Windows\System32\svchost.exe[984] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00F7000A
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00E100A5
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00E10F5F
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00E10F29
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 77461C36 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00E10F3A
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00E10FA6
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00E1002F
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00E10FC3
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 00E10065
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00E10F8B
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00E10076
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00E1004A
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00E10F70
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00E10F0E
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00E10FDE
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00E10FEF
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00E10014
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00E100B6
.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00EF0F97
.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!system 778E8B63 5 Bytes JMP 00EF0022
.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00EF0011
.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00EF0000
.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00EF0FBC
.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00EF0FE3
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00EA0F79
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00EA0011
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00EA0FEF
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00EA0F94
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00EA0F5E
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00EA0FC0
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00EA0000
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00EA0FA5
.text C:\Windows\System32\svchost.exe[1072] WS2_32.dll!socket 768A36D1 5 Bytes JMP 006E0FEF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 006E0087
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 006E0076
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 006E0F0B
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 006E00A2
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 006E0065
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 006E0FB9
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 006E004A
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 006E0F9E
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 006E0F66
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 006E0F8D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 006E0025
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 006E0F55
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 006E0EFA
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 006E0FEF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 006E0000
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 006E0FDE
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 006E0F30
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 008A0FC3
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 778E8B63 5 Bytes JMP 008A004E
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 008A0022
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 008A0000
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 008A0033
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 008A0011
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00890FCA
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00890051
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 0089000A
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 0089006C
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00890091
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00890036
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 0089001B
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00890FE5
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 768A36D1 5 Bytes JMP 006C0000
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00D80F6D
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00D80F7E
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00D80F3A
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00D80F4B
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00D8007D
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00D80036
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00D8006C
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 00D80FCA
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00D80098
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00D80FB9
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00D80047
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00D800A9
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00D80F29
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00D80011
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00D80000
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00D80FDB
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00D80F5C
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00DA0F90
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!system 778E8B63 5 Bytes JMP 00DA0FA1
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00DA0011
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00DA0FE3
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00DA0FB2
.text C:\Windows\system32\svchost.exe[1132] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00DA0000
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00D9005F
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00D90033
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00D90044
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00D90F98
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00D90011
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00D90000
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00D90022
.text C:\Windows\system32\svchost.exe[1132] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00D30FE5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00C90078
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00C90F28
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00C90EFC
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00C90F0D
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00C90049
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00C90000
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00C90F6F
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 00C90022
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00C90F5E
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00C90F80
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00C90011
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00C90F43
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00C900B8
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00C90FCA
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00C90FE5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00C90FAF
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00C90089
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00CB003A
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!system 778E8B63 5 Bytes JMP 00CB0FAF
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00CB0029
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00CB000C
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00CB0FD4
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00CB0FEF
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00CA0025
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00CA0F79
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00CA0FE5
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00CA0000
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00CA0036
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00CA0FB9
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00CA0FD4
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00CA0F9E
.text C:\Windows\system32\svchost.exe[1224] WS2_32.dll!socket 768A36D1 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 006E00E4
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 006E00D3
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 006E011A
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 006E00FF
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 006E0FB2
CONTINUED............................
tiosimon
2009-03-30, 11:11
.................CONTINUED
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 006E0025
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 006E008C
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 006E0054
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 006E00A7
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 006E006F
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 006E0FC3
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 006E00B8
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 006E012B
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 006E0FEF
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 006E000A
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 006E0FDE
.text C:\Windows\system32\svchost.exe[1320] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 006E0F83
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00F10042
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!system 778E8B63 5 Bytes JMP 00F10027
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00F10FD2
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00F10FEF
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00F10FC1
.text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00F10000
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00E00FC3
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00E0005B
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00E0000A
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00E00FDE
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00E00FA8
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00E00036
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00E00025
.text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00E00FEF
.text C:\Windows\system32\svchost.exe[1320] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00680FEF
.text C:\Windows\system32\svchost.exe[1320] WinInet.dll!InternetOpenA 763503DD 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[1320] WinInet.dll!InternetOpenUrlA 763520A3 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[1320] WinInet.dll!InternetOpenW 76352A58 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[1320] WinInet.dll!InternetOpenUrlW 7639AF79 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00890F3C
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00890078
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00890EFF
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00890F10
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00890F57
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00890FC3
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00890F72
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 0089002F
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 0089004C
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00890F8D
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00890FB2
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00890067
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 008900A7
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00890FD4
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00890FEF
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00890014
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00890F21
.text C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 008B005D
.text C:\Windows\system32\svchost.exe[1524] msvcrt.dll!system 778E8B63 5 Bytes JMP 008B0038
.text C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 008B000C
.text C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 008B001D
.text C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 008B0FD2
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 008A004A
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 777DB8AE 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 008A0FB2
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 008A0039
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 008A0F8D
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 008A0FC3
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 008A001E
.text C:\Windows\system32\svchost.exe[1524] WS2_32.dll!socket 768A36D1 5 Bytes JMP 006E0000
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00050F6F
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00050F80
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 000500E1
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 000500D0
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00050FC0
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00050051
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 0005008E
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00050F9B
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 0005007D
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 000500AB
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00050F2F
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[1536] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00050F5E
.text C:\Windows\System32\svchost.exe[1536] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00070F97
.text C:\Windows\System32\svchost.exe[1536] msvcrt.dll!system 778E8B63 5 Bytes JMP 00070FA8
.text C:\Windows\System32\svchost.exe[1536] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00070FD4
.text C:\Windows\System32\svchost.exe[1536] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[1536] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00070FC3
.text C:\Windows\System32\svchost.exe[1536] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 0007000C
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00060F94
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00060FAF
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00060051
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00060025
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00060FCA
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 004A0F81
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 004A00C7
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 004A00FD
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 004A00E2
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 004A0FB7
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 004A0036
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 004A0FC8
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 004A006C
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 004A0FA6
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 004A0087
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 004A0051
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 004A00B6
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 004A0118
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 004A000A
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 004A0FEF
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 004A001B
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 004A0F70
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00500F97
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!system 778E8B63 5 Bytes JMP 00500FBC
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00500011
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00500000
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 0050002C
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00500FD7
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 004F0F9B
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 004F0033
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 004F0000
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 004F0FB6
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 004F0058
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 004F0022
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 004F0011
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 004F0FC7
.text C:\Windows\system32\svchost.exe[1712] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00450000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 030500AE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 0305009D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 030500C9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 03050F32
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 03050F8D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 03050FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 03050F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 03050FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!VirtualProtectEx 77488D7E 1 Byte [E9]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 03050082
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 03050051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 03050FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 03050F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 030500E4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 0305001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 03050000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 0305002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 03050F4D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 03070036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] msvcrt.dll!system 778E8B63 5 Bytes JMP 03070FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 0307001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 03070000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 03070FC6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 03070FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 03060FA5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 03060FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 0306000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 03060047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 03060F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 0306002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 0306001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 03060FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00C30000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] WinInet.dll!InternetOpenA 763503DD 5 Bytes JMP 034E0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] WinInet.dll!InternetOpenUrlA 763520A3 5 Bytes JMP 034E0014
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] WinInet.dll!InternetOpenW 76352A58 5 Bytes JMP 034E0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1916] WinInet.dll!InternetOpenUrlW 7639AF79 5 Bytes JMP 034E0FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 009500CA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 009500B9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 0095010A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 009500EF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 0095008D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 0095003D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 0095007C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 0095005F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 0095009E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00950FB3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 0095004E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 00950F84
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 0095011B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 0095001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00950000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 0095002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00950F73
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 00B30F8D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 00B30039
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 00B30FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00B30FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00B30054
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00B30FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 00B3000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00B30FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00B40F92
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] msvcrt.dll!system 778E8B63 5 Bytes JMP 00B40FAD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 00B4001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00B4000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00B40FC8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00B40FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2052] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 00010F12
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 000100A9
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 0001002F
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 00010F8D
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 00010EF7
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[2584] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 00010F2D
.text C:\Windows\system32\svchost.exe[2584] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 00090FC6
.text C:\Windows\system32\svchost.exe[2584] msvcrt.dll!system 778E8B63 5 Bytes JMP 00090047
.text C:\Windows\system32\svchost.exe[2584] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 0009002C
.text C:\Windows\system32\svchost.exe[2584] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[2584] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 00090FD7
.text C:\Windows\system32\svchost.exe[2584] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 00090011
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 5 Bytes JMP 000A0F9E
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyA 777DB8AE 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyA 777E0BF5 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyW 777EB83D 3 Bytes JMP 000A0040
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyW + 4 777EB841 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 3 Bytes JMP 000A0F8D
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExW + 4 777EBCE5 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 3 Bytes JMP 000A0014
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExA + 4 777ED4EC 1 Byte [88]
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 000A002F
.text C:\Windows\system32\svchost.exe[2584] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00660FEF
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!GetStartupInfoW 77461929 5 Bytes JMP 000100BD
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!GetStartupInfoA 774619C9 5 Bytes JMP 00010F77
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreateProcessW 77461C01 5 Bytes JMP 000100DF
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreateProcessA 77461C36 5 Bytes JMP 00010F48
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!VirtualProtect 77461DD1 5 Bytes JMP 00010076
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreateNamedPipeW 77465C44 5 Bytes JMP 00010025
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!LoadLibraryExW 774830C3 5 Bytes JMP 00010F9C
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!LoadLibraryW 7748361F 5 Bytes JMP 0001004A
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!VirtualProtectEx 77488D7E 5 Bytes JMP 00010091
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!LoadLibraryExA 77489469 5 Bytes JMP 0001005B
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!LoadLibraryA 77489491 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreatePipe 77490284 5 Bytes JMP 000100A2
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!GetProcAddress 774AB8B6 5 Bytes JMP 000100F0
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreateFileW 774ACC4E 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreateFileA 774ACF71 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!CreateNamedPipeA 774F41F6 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[3180] kernel32.dll!WinExec 774F53E7 5 Bytes JMP 000100CE
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegCreateKeyExA 777DB5E7 3 Bytes JMP 00090051
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegCreateKeyExA + 4 777DB5EB 1 Byte [88]
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegCreateKeyA 777DB8AE 3 Bytes JMP 0009001B
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegCreateKeyA + 4 777DB8B2 1 Byte [88]
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegOpenKeyA 777E0BF5 3 Bytes JMP 00090FEF
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegOpenKeyA + 4 777E0BF9 1 Byte [88]
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegCreateKeyW 777EB83D 5 Bytes JMP 00090036
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegCreateKeyExW 777EBCE1 5 Bytes JMP 00090F94
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegOpenKeyExA 777ED4E8 5 Bytes JMP 00090FD4
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegOpenKeyW 777F3CB0 5 Bytes JMP 0009000A
.text C:\Windows\Explorer.EXE[3180] ADVAPI32.dll!RegOpenKeyExW 777FF09D 5 Bytes JMP 00090FB9
.text C:\Windows\Explorer.EXE[3180] msvcrt.dll!_wsystem 778E8A47 5 Bytes JMP 000A0FB9
.text C:\Windows\Explorer.EXE[3180] msvcrt.dll!system 778E8B63 5 Bytes JMP 000A0044
.text C:\Windows\Explorer.EXE[3180] msvcrt.dll!_creat 778EC6F1 5 Bytes JMP 000A0FD4
.text C:\Windows\Explorer.EXE[3180] msvcrt.dll!_open 778EDA7E 5 Bytes JMP 000A0000
.text C:\Windows\Explorer.EXE[3180] msvcrt.dll!_wcreat 778EDC9E 5 Bytes JMP 000A0029
.text C:\Windows\Explorer.EXE[3180] msvcrt.dll!_wopen 778EDE79 5 Bytes JMP 000A0FEF
.text C:\Windows\Explorer.EXE[3180] WS2_32.dll!socket 768A36D1 5 Bytes JMP 02CC0FE5
.text C:\Windows\Explorer.EXE[3180] WININET.dll!InternetOpenA 763503DD 5 Bytes JMP 0346000A
.text C:\Windows\Explorer.EXE[3180] WININET.dll!InternetOpenUrlA 763520A3 5 Bytes JMP 03460FDE
.text C:\Windows\Explorer.EXE[3180] WININET.dll!InternetOpenW 76352A58 5 Bytes JMP 03460FEF
.text C:\Windows\Explorer.EXE[3180] WININET.dll!InternetOpenUrlW 7639AF79 5 Bytes JMP 0346002F
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
Sorry about the three post's, it wouldn't let me put it ALL in one post.
Si.
Hi
Please post a fresh hjt log and describe what are remaining symptoms there in your system (if any).
tiosimon
2009-04-07, 02:52
HI.
Ok, Will do
Thanks SI
tiosimon
2009-04-07, 12:33
HI
Here is my new HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:39, on 07/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Windows\SoundMan.exe
C:\Windows\alcwzrd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Registry_Cleaner_ProMFCT] C:\Program Files\Registry_Cleaner_Pro\Registry_Cleaner_Pro.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.1; .NET CLR 1.1.4322)" -"http://www.sun-sentinel.com/broadband/theedge/sfl-edge-a-hopps,0,694769.flash"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 7625 bytes
Thanks
SI.
Hi
Do you have any issues remaining there? Didn't get a reply to that yet. :)
tiosimon
2009-04-09, 02:01
HI.
:oops:Sorry about that, i totally forgot to do that bit.
All of my updates including windows now seem to be working fine, but it still seems to be running quite slow considering i got 114GB Harddrive and 4GB of Ram (if that makes any difference).
When i go onto any site it takes ages to load up, and also when im clicking around the site, each page just takes a long time to load, where they should take seconds to load, it's taking between 20 & 60+ secs to load.
Simon.
Hi
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Have you defragged hard drive lately?
Please post a fresh uninstall list (instructions here (http://forums.spybot.info/showpost.php?p=298191&postcount=5) if needed) & a fresh RSIT log (instructions for RSIT here (http://forums.spybot.info/showpost.php?p=297895&postcount=2)).
tiosimon
2009-04-10, 23:22
Hi
I done a defrag a little while ago but not recently, I've downloaded the ATF Cleaner now so i will run that then do a defrag over night then post back ALL results.
Thank you
Simon
Ok. Shall wait for the results then :)
tiosimon
2009-04-13, 01:09
HI.
Sorry for the delay. Haven't managed to do a defrag yet, will try to do tonight.
Here is my Unistall List.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11
BroadJump Client Foundation
ConvertXtoDVD 3.3.4.106e
Corel Paint Shop Pro Photo XI
CyberLink PowerDVD 8
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
king.com (remove only)
Ladbrokes Casino
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Professional Edition 2003
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
PC Connectivity Solution
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
TeamViewer 3
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinZip 11.2
Simon.
Ok. While waiting for results of defragging process I'll give a few other piece of instructions :)
1) Uninstall Adobe Acrobat 4.0. That's badly outdated and not supported anymore.
2) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 13 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
tiosimon
2009-04-14, 12:32
HI.
Defrag is in proccess at the mo. when it is finished do i post a new HJT log, and or a new Uninstall list.
Simon
Hi
New hjt log is enough :)
tiosimon
2009-04-14, 14:41
HI.
OK, NO Probs.
SI
So, the defragging is still in progress?
tiosimon
2009-04-16, 14:30
HI.
Sorry about the delay, trying to get onto my pc is like a major task in itself, cause there is always someone on it lol!
Done defrag, At last! but don't know how to get the report for it. It's the vista version and don't show any results.
In the meantime here is my new HJT Log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:50, on 16/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Windows\SoundMan.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\alcwzrd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Registry_Cleaner_ProMFCT] C:\Program Files\Registry_Cleaner_Pro\Registry_Cleaner_Pro.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.1; .NET CLR 1.1.4322)" -"http://www.cartoonnetwork.co.uk/microsites/dexter/games/robotrumble/index.jsp"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 7539 bytes
Simon
Done defrag, At last! but don't know how to get the report for it. It's the vista version and don't show any results.
Hi
Yes, there won't be any report generated with basic run :) Did defragging improve system performance at all?
tiosimon
2009-04-18, 01:02
Hi.
To be perfectly honest with ya! it doesn't seem to have made any difference really.
I have Ladbrokes Casino dowwloaded onto my comp, and i have it open most of the day, would that have an effect to the performance of my comp?
Simon
I have Ladbrokes Casino dowwloaded onto my comp, and i have it open most of the day, would that have an effect to the performance of my comp?
Hi Simon
You could try to have it closed for a day for example to see if it makes a difference. Also, please see "Help! My computer is slow!" (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html) -article written by miekiemoes :)
tiosimon
2009-04-18, 15:26
HI
OK, I will try that:):)
Thank you so much for ALL yours Help in getting rid of my viruses, sorting out my computer, i really do appreciate it, :bigthumb::bigthumb::bigthumb::bigthumb::bigthumb:
Simon
You're welcome and I hope those instructions help you in improving system performance :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.