
Thread: Explorer & Google redirects

  1. #11
    Member
    Join Date
    Jan 2010
    Posts
    51


    I ran HJT and deleted the line 020 referenced above. After that I couldn't find the file referenced so I hope you meant the fix in HJT was actually the delete.

    Here is the latest HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:50:25 PM, on 1/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-grpj
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/supergerball...GameLoader.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O24 - Desktop Component 0: (no name) - http://www.rmtadventures.ca/causway%...ir%20009fp.jpg

    --
    End of file - 12506 bytes

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,

    Between Combofix and Malwarebytes your system was cleaned up fairly well.

    That file is gone, not to worry.

    You had some bad entries in your System Restore program. Follow this procedure to flush it all out, and it's important to create a new restore point.

    System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

    Turn off System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.


    Reboot your computer

    Turn ON System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.


    Create a new Restore Point <-- Very Important

    • Go to Start> All Programs> Accessories> System Tools> System Restore and create a New Restore Point

    System Restore Tutorial <-- If you need it



    Open Internet Explorer and go to Tools > Windows Updates, then download and install all critical updates, including IE 8, which has more security built in than IE 7.


    How are things running now ????
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Member
    Join Date
    Jan 2010
    Posts
    51

    Still getting msconfig error

    Before I create a new restore point I wanted to note one last strange behavior. Upon boot I am getting a message that my System Admin or msconfig settings are not allowing complete startup. When I go to msconfig to change the button to normal start I then get a message that I need to use a user profile that is an administrator. I then get the message to restart or exit without restart. I also noticed this morning that one of my McAfee protections was turned off. It was the SystemGuards option. Now that I think about it, if my computer only used a limited boot maybe it just didn't start that option. Either way, this is behavior that I didn't experience before we started cleaning up the mess.

    I will wait for your comment before creating a new restore point.

    Thanks

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Start your computer in Safemode and log on as administrator

    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it How to boot into Safemode


    Then go to msconfig and select Normal Startup, OK your way out, reboot and see if that error goes away.

  5. #15
    Member
    Join Date
    Jan 2010
    Posts
    51

    Created new restore point

    I created a new restore point. I am still experiencing unusual things when I reboot. Sometimes part of McAfee isn't active, sometimes it boots with limited configuration, but it isn't consistent. I am also still getting the message that any changes to msconfig are not possible because I am not the administrator. I tried to do this in safe mode but received the same error. I think it is best to close this thread and I will open a new one if necessary.

    I need to do some research on the use of msconfig. All I was trying to do was eliminate the starting of mimboot.exe. Maybe I am confusing the way Windows XP boots after you make a change to msconfig.

    My fear is I still have a virus that is periodically shutting down McAfee so it can do some dirty work.

    Thank you for all your help.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    No need to close, we will continue until we are sure you're clean.

    I would like you to run this Rootkit scanner. Follow the instructions closely, and if it gives you issues then run it in Safemode.




    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.


    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

  7. #17
    Member
    Join Date
    Jan 2010
    Posts
    51

    Does GMER take hours to run

    I ran it in safemode. Running it in normal mode caused a reboot. It has been running for hours now, apparently scanning every file. Is this how it should run?

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Did you tick and untick the boxes in the picture? It does take a while.

  9. #19
    Member
    Join Date
    Jan 2010
    Posts
    51

    Screen resolution won't show the save button

    GMER won't display the save button on my monitor in safe mode. The screen resolution is too big. I can just barely get to the scan button. It took a few hours to run and I am trying to figure out how to get to the save and create a txt file.

  10. #20
    Member
    Join Date
    Jan 2010
    Posts
    51

    Results of GMER Part 1

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-01 22:45:07
    Windows 5.1.2600 Service Pack 3
    Running: 0jgcfd9r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtiaaob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEEEB678A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEEEB6821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEEB6738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEEEB674C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEEEB6835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEEEB6861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEEEB68CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEEEB68B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEEB67CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEEEB68FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEEEB680D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEEEB6710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEEEB6724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEEB679E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEEEB6937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEEEB68A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEEEB688D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEEEB684B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEEEB6923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEEEB690F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEEEB6776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEEEB6762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEEEB6877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEEEB67F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEEEB68E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEEB67E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEEB67B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EEEB67B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80568EE9 5 Bytes JMP EEEB6811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryValueKey 8056A382 7 Bytes JMP EEEB6891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP EEEB678E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 80570441 5 Bytes JMP EEEB6766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80572E9D 5 Bytes JMP EEEB6825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryKey 805732AD 7 Bytes JMP EEEB693B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 7 Bytes JMP EEEB68D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 805741D0 5 Bytes JMP EEEB6714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP EEEB67A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP EEEB67E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP EEEB67CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80579A43 7 Bytes JMP EEEB687B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP EEEB6750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805836B0 5 Bytes JMP EEEB67FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8058B58D 5 Bytes JMP EEEB6728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058BA5D 5 Bytes JMP EEEB68FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590669 7 Bytes JMP EEEB68BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D50 7 Bytes JMP EEEB6865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 805952BE 7 Bytes JMP EEEB6839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EEEB673C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 8062DD47 5 Bytes JMP EEEB677A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnloadKey 8064DA6E 7 Bytes JMP EEEB68E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E394 7 Bytes JMP EEEB68A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064E812 7 Bytes JMP EEEB684F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRestoreKey 8064ED05 5 Bytes JMP EEEB6913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwReplaceKey 8064F16E 5 Bytes JMP EEEB6927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012F0FE5
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012F0F70
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012F005B
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012F0F8D
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012F0040
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012F0F9E
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012F0F42
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012F008A
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012F0F20
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012F00AF
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012F0F0F
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012F002F
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012F0FD4
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012F0F5F
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012F000A
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012F0FB9
    .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012F0F31
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012E0FCA
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012E0F79
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012E0011
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012E0000
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012E0036
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012E0FEF
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012E0F94
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4E, 89]
    .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012E0FAF
    .text C:\WINDOWS\system32\svchost.exe[548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012D0038
    .text C:\WINDOWS\system32\svchost.exe[548] msvcrt.dll!system 77C293C7 5 Bytes JMP 012D0027
    .text C:\WINDOWS\system32\svchost.exe[548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012D0FC8
    .text C:\WINDOWS\system32\svchost.exe[548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012D000C
    .text C:\WINDOWS\system32\svchost.exe[548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012D0FAD
    .text C:\WINDOWS\system32\svchost.exe[548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012D0FEF
    .text C:\WINDOWS\system32\svchost.exe[548] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012C000A
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B50000
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B50F88
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B50F99
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B5007D
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B50062
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B50036
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B500AC
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B50F66
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B500C7
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B50F38
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B50F09
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B50051
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B50FE5
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B50F77
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B50FCA
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B50011
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B50F49
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B4002C
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B40FAF
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B40FDB
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B40011
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B40FC0
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B40000
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02B40062
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B4003D
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B30F81
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B30F9C
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B30FC1
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B30FEF
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B3000C
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B30FD2
    .text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B20000
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01310FE5
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01310053
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01310F5E
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01310F79
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01310F94
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01310025
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01310F2D
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01310075
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01310EDC
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01310F01
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01310090
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01310036
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0131000A
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01310064
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01310FB9
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01310FCA
    .text C:\WINDOWS\system32\services.exe[872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01310F12
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01300040
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01300076
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01300025
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01300000
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01300FB9
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01300FEF
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0130005B
    .text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01300FD4
    .text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012F0049
    .text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 012F0FBE
    .text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012F0027
    .text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012F0000
    .text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012F0038
    .text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012F0FEF
    .text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012E0FEF
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC0FEF
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0089
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0F94
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0062
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0FAF
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0040
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC00A4
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC0F68
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC0F26
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0F41
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EC0F15
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EC0051
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EC000A
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EC0F79
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EC0025
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EC0FD4
    .text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EC00BF
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EB003D
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EB00A9
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EB002C
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EB001B
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EB008E
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EB000A
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EB0073
    .text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EB0058
    .text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0062
    .text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA003D
    .text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA0011
    .text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA0000
    .text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA002C
    .text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA0FD7
    .text C:\WINDOWS\system32\lsass.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E90FEF
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A80FE5
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A80F50
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A80F61
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A80039
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A80028
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A80F97
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A8007B
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A8006A
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A800A7
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A8008C
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A80EF3
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A80F86
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A80FD4
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A80F3F
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A80FA8
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A80FB9
    .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A80F18
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A70047
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A70F9B
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A7002C
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A7001B
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A70062
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A70000
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A70FB6
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C7, 88]
    .text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A70FD1
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A60049
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A6002E
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A6001D
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A6000C
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A60FBE
    .text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A60FE3
    .text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A5000A
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A30000
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A30F97
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A30FA8
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A30082
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A30065
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5
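Added example (not part of the original post or of GMER): a small parser for the `.text ... JMP` hook lines in a GMER user-mode section like the one above, with a triage pass that groups hooks by process, notes which API families are hooked (process creation, library loading, registry, file, socket) and where the JMP targets land. The "unattributed target" rule is this example's own heuristic: GMER appends the owning module and vendor after the target when it can map it (the mcproxy.exe lines above), while targets in small anonymous regions with no module attached are the pattern of injected trampolines. Security software also hooks, so the flag is a triage aid, not a verdict. The sample lines are copied from the log above; the dataclass and function names are the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input copied from the GMER log above (no new lines invented).
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012F00AF
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012F002F
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012E0F94
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4E, 89]
.text C:\WINDOWS\system32\svchost.exe[548] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012C000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B50000
"""

# One GMER user-mode hook line: process[pid] module!function [+ off] addr N Bytes (JMP target [owner] | [bytes])
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<func>\S+?)(?:\s+\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?|\[(?P<bytes>[^\]]*)\])\s*$"
)


@dataclass
class Hook:
    process: str            # base name of the hooked process image
    pid: int
    module: str             # DLL whose export was patched
    function: str
    offset: int             # non-zero for the "+ 3" continuation of a split patch
    address: int
    size: int
    target: Optional[int]   # JMP destination, None for raw byte patches
    owner: Optional[str]    # module GMER attributed the target to, if any
    raw_bytes: List[str]


@dataclass
class Finding:
    hooks: int = 0
    unattributed: int = 0
    regions: List[int] = field(default_factory=list)   # 64 KB pages the JMPs land in
    families: List[str] = field(default_factory=list)
    suspicious: bool = False


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Parse every recognisable .text hook line; unrelated lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        proc = m.group("proc").replace("/", "\\").rsplit("\\", 1)[-1]
        raw = m.group("bytes")
        hooks.append(Hook(
            process=proc, pid=int(m.group("pid")), module=m.group("mod"),
            function=m.group("func"), offset=int(m.group("off") or 0),
            address=int(m.group("addr"), 16), size=int(m.group("size")),
            target=int(m.group("target"), 16) if m.group("target") else None,
            owner=m.group("owner").strip() if m.group("owner") else None,
            raw_bytes=[b.strip() for b in raw.split(",")] if raw else [],
        ))
    return hooks


def classify_api(function: str) -> str:
    """Bucket a hooked export by what an attacker gains from intercepting it."""
    f = function.lower()
    if f.startswith("createprocess") or f in ("winexec", "system", "_wsystem"):
        return "process_exec"
    if f.startswith("loadlibrary") or f == "getprocaddress":
        return "loader"
    if f.startswith("reg"):
        return "registry"
    if f.startswith("virtualprotect"):
        return "memory_protect"
    if f == "socket":
        return "network"
    if f.startswith(("createfile", "createnamedpipe")) or f in ("createpipe", "_open", "_creat", "_wopen", "_wcreat"):
        return "file"
    if f.startswith("getstartupinfo"):
        return "process_info"
    return "other"


def triage(hooks: List[Hook]) -> Dict[Tuple[str, int], Finding]:
    """Per process: hook count, unattributed JMP targets, landing pages, API families."""
    report: Dict[Tuple[str, int], Finding] = {}
    regions, fams = defaultdict(set), defaultdict(set)
    for h in hooks:
        key = (h.process, h.pid)
        f = report.setdefault(key, Finding())
        f.hooks += 1
        fams[key].add(classify_api(h.function))
        if h.target is not None:
            regions[key].add(h.target & 0xFFFF0000)
            if h.owner is None:          # heuristic: target not mapped to any module
                f.unattributed += 1
    for key, f in report.items():
        f.regions, f.families = sorted(regions[key]), sorted(fams[key])
        f.suspicious = f.unattributed > 0
    return report


if __name__ == "__main__":
    for (proc, pid), f in triage(parse_gmer_hooks(SAMPLE_LOG)).items():
        flag = "SUSPICIOUS" if f.suspicious else "attributed"
        pages = ", ".join(f"{r:08X}" for r in f.regions)
        print(f"{proc}[{pid}]: {f.hooks} hooks, {f.unattributed} unattributed -> {flag}; "
              f"families={f.families}; landing pages={pages}")
```

Run it over the full log and the pattern in the post stands out: in svchost, services.exe, lsass.exe and sqlservr.exe every hook funnels into three or four adjacent anonymous 64 KB pages with no owning module, whereas the two mcproxy.exe hooks resolve into McAfee's own image. That contrast, not the hook count, is what to take to the next step (dumping the target region or checking which DLL is loaded at those addresses).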