Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows, IE and Firefox keep crashing ....

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows, IE and Firefox keep crashing ....

Unread postby artworks86 » June 2nd, 2010, 8:29 pm

I have been unable to install Windows Updates for some time now. I keep getting error 80027efd. I thought I had installed SP2 manually but when I booted up my computer today the system says it's SP1. Windows, IE (7 & 8) as well as Firefox keep crashing on me. The porblem appears to really flare up when I try to run Java applications.

HiJackThis Log (which I had to run in safe mode because it wouldn't let me save when booted normally):
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:47 PM, on 6/2/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ntuser_mssec.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11513 bytes



Uninstall List:
32 Bit HP CIO Components Installer
7-Zip 4.65
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BabyLuv
Bonjour
Bradford Persistent Agent
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Systems VPN Client 5.0.03.0530
Compatibility Pack for the 2007 Office system
Connect
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink YouCam
CyberLink YouCam
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
EasyInfo
ESU for Microsoft Vista
FARO LS 1.1.406.58
ffdshow [rev 2527] [2008-12-19]
Free DVD Ripper Version 2.25
Google SketchUp 7
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 H2
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 20
Juno Preloader
kuler
LabelPrint
LabelPrint
LightScribe System Software 1.14.17.1
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 8.0 Support DLLs
Microsoft Works
Monkey
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
Norton Internet Security
OCR Software by I.R.I.S. 10.0
OneNote Web Exporter (0.5.0)
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go
Power2Go
PowerDirector
PowerDirector
QuickTime
RarZilla Free Unrar 2.53
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.88
Rhapsody MP3 Download Manager
Rhinoceros 4.0 Evaluation
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Shop for HP Supplies
SPORE Creature Creator Trial Edition
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981726)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VoiceOver Kit
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xvid 1.1.3 final uninstall

Thanks in advance for your help!
artworks86
Active Member
 
Posts: 4
Joined: June 2nd, 2010, 8:19 pm
Advertisement
Register to Remove

Re: Windows, IE and Firefox keep crashing ....

Unread postby Wingman » June 5th, 2010, 10:23 am

Hello artworks86... Welcome to the forum.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please tell me if this computer is used for business purposes or used in a business environment?

Step 1.
ERUNT - Emergency Recovery Utility NT
If you already have this program installed, please proceed to the Run: portion of these instructions.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
    VISTA/W7 users: right-click erunt-setup-exe, select "Run As Administrator" to run the install process. Install by following prompts.
  3. Use the default install settings...
  4. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
    Say "NO" if prompted or asked if you want to add ERUNT to the Start-Up folder. You can enable this later.
  5. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    VISTA/W7 users: right-click the desktop icon, select "Run As Administrator" or start it at the end of the setup process.
  6. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    Vista/W7 users: right-click on ERUNT in the menu, then select "Run As Administrator". If UAC prompts, please allow it.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on the your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
    If using Vista, you must right click the (CKScanner.exe) icon and choose "Run As Administrator", then click the "Search For Files" button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.

Step 3.
GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
    If using Vista, you must right click random named.exe and choose "Run As Administrator".
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one

    Image
    Click on image to enlarge

  4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Save. The Save... window will open.
  7. Save the scan results as gmerroot.log, save it to your Desktop.
  8. Double click on the desktop "gmerroot.log" file, to open in Notepad.
  9. Copy and paste the contents of the file gmerroot.log in your next reply.
    Note: If GMER hangs or crashes your computer, Re-run it and UNCHECK "Devices" along with the other items mentioned.

Step 4.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    These log files can be found in the C:\RSIT folder
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Business computer?
  3. GMER - gmerroot.log file contents.
  4. RSIT log.txt and info.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Windows, IE and Firefox keep crashing ....

Unread postby artworks86 » June 5th, 2010, 8:53 pm

Thank you for your help so far.

This is my personal computer, although I do use some programs (Adobe Photoshop, Illustrator, etc) occasionally for business work. I had a trial version of AutoCad 2011 on my computer (for business work) a few months ago and just recently uninstalled it. I see there are still some Autocad Material libraries on my computer that maybe I should uninstall as well? I had actually tried doing that the other day but I got an error from Microsoft Windows that it was no longer working and closed all my windows.

CKScanner file:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\megan\music\adobe photoshop cs2 v9.0 final + keygen & activator==.zip
scanner sequence 3.NA.11
----- EOF -----

I had some problems with the GMER scan. The first time it basically froze up my computer and then gave me the blue screen. The second time I attempted to save the Log halfway through because I wanted to at least have something to give you ... after it saved it again froze on me and gave me the blue screen. The third time I ran it, I watched it for two hours. I unfortunately couldn't watch the computer any longer and when I came back about 2 hours later, the scan screen was gone. I can try and run it again and post if I get the whole way through the scan tomorrow. Here are the message errors I received both times when I restarted my computer after I got the blue screens, just in case it may be helpful to you:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 8A11E7C0
BCP3: 8A11E90C
BCP4: 820714B0
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini060510-02.dmp
C:\Users\Megan\AppData\Local\Temp\WER-152022-0.sysdata.xml
C:\Users\Megan\AppData\Local\Temp\WERB366.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409




And here is half of the Gmerroot Log I was able to save on the second try (it's too big to fit in one post so I have to break it up):
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 15:17:40
Windows 6.0.6001 Service Pack 1
Running: 55kznwwy.exe; Driver: C:\Users\Megan\AppData\Local\Temp\aglcypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAD7CC83B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAD7CC865]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAD7CC88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAD7CC84F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAD7CC827]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAD7CC8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAD7CC879]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E5A1C0 5 Bytes JMP AD7CC87D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82015FBC 5 Bytes JMP AD7CC82B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 820577CE 7 Bytes JMP AD7CC891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82057E25 5 Bytes JMP AD7CC8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8205A036 5 Bytes JMP AD7CC83F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8206994E 7 Bytes JMP AD7CC853 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820C726F 2 Bytes JMP AD7CC869 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess + 3 820C7272 2 Bytes [70, 2B] {JO 0x2d}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[368] ntdll.dll!NtClose + 6 77847F4E 4 Bytes [D4, 19, 3A, 03] {AAM 0x19; CMP AL, [EBX]}
.text C:\Windows\Explorer.EXE[368] ntdll.dll!NtDeviceIoControlFile + 6 7784843E 4 Bytes [D8, 19, 3A, 03] {FCOMP DWORD [ECX]; CMP AL, [EBX]}
.text C:\Windows\Explorer.EXE[368] ntdll.dll!NtQueryDirectoryFile + 7 778489EF 3 Bytes [1C, 3A, 03]
.text C:\Windows\Explorer.EXE[368] ntdll.dll!NtResumeThread + 6 77848DEE 4 Bytes [F4, 1A, 3A, 03]
.text C:\Windows\Explorer.EXE[368] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 01710F4B
.text C:\Windows\Explorer.EXE[368] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 01710087
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 01710F1F
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 017100B6
.text C:\Windows\Explorer.EXE[368] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 0171005B
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 01710FAF
.text C:\Windows\Explorer.EXE[368] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 01710040
.text C:\Windows\Explorer.EXE[368] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 0171001B
.text C:\Windows\Explorer.EXE[368] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 0171006C
.text C:\Windows\Explorer.EXE[368] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 01710F83
.text C:\Windows\Explorer.EXE[368] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 01710F9E
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 01710F5C
.text C:\Windows\Explorer.EXE[368] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 017100D1
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 01710FD4
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 01710FEF
.text C:\Windows\Explorer.EXE[368] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 0171000A
.text C:\Windows\Explorer.EXE[368] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 01710F3A
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 02F70076
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 02F7004A
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 02F70000
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 02F7005B
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 02F70FB9
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 02F7002F
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 02F70FEF
.text C:\Windows\Explorer.EXE[368] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 02F70FDE
.text C:\Windows\Explorer.EXE[368] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 02F80F8B
.text C:\Windows\Explorer.EXE[368] msvcrt.dll!system 774B8B63 5 Bytes JMP 02F80F9C
.text C:\Windows\Explorer.EXE[368] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 02F8000C
.text C:\Windows\Explorer.EXE[368] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 02F80FEF
.text C:\Windows\Explorer.EXE[368] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 02F80FB7
.text C:\Windows\Explorer.EXE[368] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 02F80FDE
.text C:\Windows\Explorer.EXE[368] WS2_32.dll!socket 779636D1 5 Bytes JMP 02FC0FEF
.text C:\Windows\Explorer.EXE[368] WININET.dll!InternetOpenA 7753D690 5 Bytes JMP 02F90FE5
.text C:\Windows\Explorer.EXE[368] WININET.dll!InternetOpenW 7753DB09 5 Bytes JMP 02F90FCA
.text C:\Windows\Explorer.EXE[368] WININET.dll!InternetOpenUrlA 7753F3A4 5 Bytes JMP 02F9000A
.text C:\Windows\Explorer.EXE[368] WININET.dll!InternetOpenUrlW 77586DDF 5 Bytes JMP 02F9001B
.text C:\Windows\system32\services.exe[640] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 000600CE
.text C:\Windows\system32\services.exe[640] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 000600B3
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00060F37
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00060F52
.text C:\Windows\system32\services.exe[640] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00060F88
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00060FDE
.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 0006005B
.text C:\Windows\system32\services.exe[640] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00060087
.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00060FB9
.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 0006004A
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 000600A2
.text C:\Windows\system32\services.exe[640] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00060F1C
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 0006001B
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 0006000A
.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00060FEF
.text C:\Windows\system32\services.exe[640] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00060F6D
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00070F83
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00070FAF
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00070F9E
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00070F72
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00070025
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 0007000A
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00070FD4
.text C:\Windows\system32\services.exe[640] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 0008002F
.text C:\Windows\system32\services.exe[640] msvcrt.dll!system 774B8B63 5 Bytes JMP 00080014
.text C:\Windows\system32\services.exe[640] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00080FB5
.text C:\Windows\system32\services.exe[640] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00080FE3
.text C:\Windows\system32\services.exe[640] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00080FA4
.text C:\Windows\system32\services.exe[640] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00080FD2
.text C:\Windows\system32\services.exe[640] WS2_32.dll!socket 779636D1 5 Bytes JMP 00090FE5
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 002300A9
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00230098
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00230F3E
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 002300D5
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00230F8F
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00230025
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00230073
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00230051
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00230F7E
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00230062
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00230036
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00230F6D
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 002300E6
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00230FEF
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 0023000A
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00230FD4
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 002300BA
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 0024002C
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00240FAF
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00240000
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00240F94
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00240F6F
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00240FCA
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00240FE5
.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 0024001B
.text C:\Windows\system32\lsass.exe[652] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00250FB7
.text C:\Windows\system32\lsass.exe[652] msvcrt.dll!system 774B8B63 5 Bytes JMP 00250FD2
.text C:\Windows\system32\lsass.exe[652] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00250038
.text C:\Windows\system32\lsass.exe[652] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00250000
.text C:\Windows\system32\lsass.exe[652] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00250FE3
.text C:\Windows\system32\lsass.exe[652] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 0025001D
.text C:\Windows\system32\lsass.exe[652] WS2_32.dll!socket 779636D1 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00C40F1F
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00C4006F
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00C40EF3
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00C4008A
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00C40F7A
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00C40FDE
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00C40F8B
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00C40FBC
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00C40F69
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00C40054
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00C40FCD
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00C40F4E
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00C4009B
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00C4000A
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00C40FEF
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00C4002F
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00C40F0E
.text C:\Windows\system32\svchost.exe[836] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00CA0FB4
.text C:\Windows\system32\svchost.exe[836] msvcrt.dll!system 774B8B63 5 Bytes JMP 00CA0FC5
.text C:\Windows\system32\svchost.exe[836] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00CA002E
.text C:\Windows\system32\svchost.exe[836] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00CA0000
.text C:\Windows\system32\svchost.exe[836] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00CA003F
.text C:\Windows\system32\svchost.exe[836] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00CA0011
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00C90F94
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00C9001B
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00C90FEF
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00C9002C
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00C90051
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00C9000A
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00C90FD4
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00C90FB9
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 001F0F57
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 001F00A7
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 001F00DD
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 001F00C2
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 001F0060
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 001F0FB2
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 001F004F
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 001F0028
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 001F0071
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 001F0F86
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 001F0F97
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 001F008C
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 001F0F2B
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 001F0FD4
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 001F0FC3
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 001F0F46
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00210F92
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!system 774B8B63 5 Bytes JMP 0021001D
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00210FD2
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 0021000C
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00210FAD
.text C:\Windows\system32\svchost.exe[844] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00200F94
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00200025
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00200036
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00200051
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00200FDE
.text C:\Windows\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00200FB9
.text C:\Windows\system32\svchost.exe[844] WS2_32.dll!socket 779636D1 5 Bytes JMP 006E0000
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 000A009D
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 000A0F57
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 000A00D0
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 000A00BF
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 000A0082
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 000A0014
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 000A0065
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 000A0040
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 000A0F83
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 000A0FA8
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 000A002F
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 000A0F68
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 000A0F1E
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 000A0FD4
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\svchost.exe[908] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 000A00AE
.text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 001D0F7A
.text C:\Windows\system32\svchost.exe[908] msvcrt.dll!system 774B8B63 5 Bytes JMP 001D0F95
.text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 001D0FC1
.text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 001D0FA6
.text C:\Windows\system32\svchost.exe[908] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 001D0FDE
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 000B0F9E
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 000B0FB9
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 000B0FE5
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 000B004A
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 000B005B
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 000B000A
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 000B0FD4
.text C:\Windows\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 000B002F
.text C:\Windows\system32\svchost.exe[908] WS2_32.dll!socket 779636D1 3 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[908] WS2_32.dll!socket + 4 779636D5 1 Byte [88]
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00900F85
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 009000CB
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 009000FA
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00900F63
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 0090008E
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 0090002C
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00900073
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 0090004E
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 0090009F
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00900FB6
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 0090003D
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 009000BA
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 0090010B
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00900FEF
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00900011
.text C:\Windows\System32\svchost.exe[948] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00900F74
.text C:\Windows\System32\svchost.exe[948] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00920F97
.text C:\Windows\System32\svchost.exe[948] msvcrt.dll!system 774B8B63 5 Bytes JMP 00920022
.text C:\Windows\System32\svchost.exe[948] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00920011
.text C:\Windows\System32\svchost.exe[948] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00920000
.text C:\Windows\System32\svchost.exe[948] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00920FB2
.text C:\Windows\System32\svchost.exe[948] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00920FD7
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 0091003D
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 0091001B
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00910000
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 0091002C
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00910062
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00910FCA
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00910FE5
.text C:\Windows\System32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00910FB9
.text C:\Windows\System32\svchost.exe[948] WS2_32.dll!socket 779636D1 5 Bytes JMP 01820FEF
.text C:\Windows\System32\svchost.exe[948] wininet.dll!InternetOpenA 7753D690 5 Bytes JMP 01810FEF
.text C:\Windows\System32\svchost.exe[948] wininet.dll!InternetOpenW 7753DB09 5 Bytes JMP 01810FD4
.text C:\Windows\System32\svchost.exe[948] wininet.dll!InternetOpenUrlA 7753F3A4 5 Bytes JMP 01810FC3
.text C:\Windows\System32\svchost.exe[948] wininet.dll!InternetOpenUrlW 77586DDF 5 Bytes JMP 01810FB2
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 001B00DA
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 001B00C9
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 001B0F5E
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 001B0F79
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 001B0089
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 001B0FE5
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 001B0078
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 001B0FB9
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 001B0F9E
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 001B005B
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 001B0FCA
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 001B00A4
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 001B0F4D
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 001B001B
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 001B0000
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 001B0036
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 001B00EB
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 001D0FCA
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!system 774B8B63 5 Bytes JMP 001D0055
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 001D0029
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 001D0FEF
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 001D003A
.text C:\Windows\System32\svchost.exe[1052] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 001D000C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 001C005B
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 001C0036
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 001C0FEF
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 001C0FAF
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 001C006C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 001C0025
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 001C000A
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 001C0FD4
.text C:\Windows\System32\svchost.exe[1052] WS2_32.dll!socket 779636D1 5 Bytes JMP 001E0FEF
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00DD00B8
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00DD0F68
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00DD00F5
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00DD00DA
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00DD0F9E
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00DD0040
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00DD0078
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00DD0FCA
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00DD0F8D
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00DD0FB9
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00DD0051
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00DD009D
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00DD0F39
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00DD0025
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00DD0000
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00DD0FEF
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00DD00C9
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00DF003D
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!system 774B8B63 5 Bytes JMP 00DF002C
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00DF0FD7
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00DF0FBC
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00DF0011
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00DE004A
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00DE002F
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00DE0000
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00DE0FA8
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00DE0F8D
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00DE0FD4
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00DE0FEF
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00DE0FC3
.text C:\Windows\System32\svchost.exe[1124] WS2_32.dll!socket 779636D1 5 Bytes JMP 01000FEF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 011A008E
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 011A0F52
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 011A0F12
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 011A00A9
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 011A0F77
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 011A0FC3
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 011A0F88
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 011A0036
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 011A006C
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 011A0051
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 011A0025
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 011A007D
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 011A0F01
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 011A0000
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 011A0FEF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 011A0FD4
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 011A0F2D
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 011C0F97
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 774B8B63 5 Bytes JMP 011C002C
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 011C0FD7
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 011C0000
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 011C0FBC
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 011C0011
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 011B0F94
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 011B0FAF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 011B0FEF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 011B0036
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 011B0F83
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 011B0000
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 011B0FCA
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 011B001B
.text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 779636D1 5 Bytes JMP 01210000
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00070F7F
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00070F90
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00070F4C
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00070F5D
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 000700A7
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 0007002F
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00070FCD
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 0007006F
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00070FBC
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 0007008A
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 0007004A
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00070FA1
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 000700F4
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00070FDE
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00070F6E
.text C:\Windows\system32\svchost.exe[1228] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00090053
.text C:\Windows\system32\svchost.exe[1228] msvcrt.dll!system 774B8B63 5 Bytes JMP 00090FC8
.text C:\Windows\system32\svchost.exe[1228] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 0009001D
.text C:\Windows\system32\svchost.exe[1228] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 0009000C
.text C:\Windows\system32\svchost.exe[1228] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00090038
.text C:\Windows\system32\svchost.exe[1228] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00090FE3
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00080051
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00080FC0
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00080FAF
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00080F9E
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00080FE5
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 0008001B
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00080036
.text C:\Windows\system32\svchost.exe[1228] WS2_32.dll!socket 779636D1 5 Bytes JMP 000A000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 008C0F23
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 008C0F34
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 008C0EED
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 008C0084
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 008C0F6A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 008C0022
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 008C004E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 008C0FAC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 008C0F59
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 008C0F91
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 008C0033
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 008C005F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 008C0EDC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 008C0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 008C0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 008C0011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 008C0F12
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 008E0FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] msvcrt.dll!system 774B8B63 5 Bytes JMP 008E0FC6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 008E001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 008E0FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 008E002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 008E0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 008D0040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 008D0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 008D0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 008D0F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 008D0F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 008D0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 008D0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 008D0025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1240] WS2_32.dll!socket 779636D1 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 000800DB
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 000800C0
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00080107
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 000800F6
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00080F8B
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00080065
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00080FBC
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00080080
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00080054
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00080FCD
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 000800A5
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00080118
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00080025
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00080F7A
.text C:\Windows\system32\svchost.exe[1304] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00CF0040
.text C:\Windows\system32\svchost.exe[1304] msvcrt.dll!system 774B8B63 5 Bytes JMP 00CF0025
.text C:\Windows\system32\svchost.exe[1304] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00CF0000
.text C:\Windows\system32\svchost.exe[1304] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00CF0FE3
.text C:\Windows\system32\svchost.exe[1304] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00CF0FB5
.text C:\Windows\system32\svchost.exe[1304] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00CF0FD2
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00CA0FAF
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00CA0047
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00CA000A
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00CA0FC0
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00CA0076
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00CA001B
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00CA0FEF
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00CA002C
.text C:\Windows\system32\svchost.exe[1304] WS2_32.dll!socket 779636D1 5 Bytes JMP 00D1000A
.text C:\Windows\system32\svchost.exe[1304] WinInet.dll!InternetOpenA 7753D690 5 Bytes JMP 00D00FEF
.text C:\Windows\system32\svchost.exe[1304] WinInet.dll!InternetOpenW 7753DB09 5 Bytes JMP 00D0000A
.text C:\Windows\system32\svchost.exe[1304] WinInet.dll!InternetOpenUrlA 7753F3A4 5 Bytes JMP 00D00025
.text C:\Windows\system32\svchost.exe[1304] WinInet.dll!InternetOpenUrlW 77586DDF 5 Bytes JMP 00D00036
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00230089
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00230F43
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00230F03
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00230F28
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00230067
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00230F83
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 0023002C
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00230078
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00230F94
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00230FA5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00230F5E
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00230EF2
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00230FE5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00230FCA
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 002300A4
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 003A0042
artworks86
Active Member
 
Posts: 4
Joined: June 2nd, 2010, 8:19 pm

Re: Windows, IE and Firefox keep crashing ....

Unread postby artworks86 » June 5th, 2010, 8:54 pm

.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!system 774B8B63 5 Bytes JMP 003A0FB7
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 003A001D
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 003A0000
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 003A0FD2
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 003A0FE3
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 0039004A
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 0039001E
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00390039
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00390F83
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00390FC3
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00390FDE
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00390FB2
.text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 779636D1 5 Bytes JMP 003F0000
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00D30F46
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00D30082
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00D30EFF
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00D30F24
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00D3004F
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00D30FB2
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00D30F75
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00D30F90
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00D30060
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00D30032
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00D30FA1
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00D30071
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00D300BB
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00D30FD4
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00D30FC3
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 00D30F35
.text C:\Windows\system32\svchost.exe[1772] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 01850044
.text C:\Windows\system32\svchost.exe[1772] msvcrt.dll!system 774B8B63 5 Bytes JMP 01850033
.text C:\Windows\system32\svchost.exe[1772] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 01850011
.text C:\Windows\system32\svchost.exe[1772] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 01850FE3
.text C:\Windows\system32\svchost.exe[1772] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 01850022
.text C:\Windows\system32\svchost.exe[1772] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 01850000
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 00D4006F
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00D4004A
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00D40000
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00D40FCD
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00D4008A
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 00D40FDE
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 00D40FEF
.text C:\Windows\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00D4002F
.text C:\Windows\system32\svchost.exe[1772] WS2_32.dll!socket 779636D1 5 Bytes JMP 01860FEF
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 01600F5E
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 016000A4
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 016000D0
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 016000BF
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 0160005D
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 01600FCA
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 01600040
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 01600F9E
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 0160006E
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 01600F83
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 01600FB9
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 01600089
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 016000E1
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 01600FDB
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 01600000
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 01600011
.text C:\Windows\System32\svchost.exe[2004] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 01600F4D
.text C:\Windows\System32\svchost.exe[2004] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 01620F9C
.text C:\Windows\System32\svchost.exe[2004] msvcrt.dll!system 774B8B63 5 Bytes JMP 01620027
.text C:\Windows\System32\svchost.exe[2004] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 01620FC1
.text C:\Windows\System32\svchost.exe[2004] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 01620FE3
.text C:\Windows\System32\svchost.exe[2004] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 0162000C
.text C:\Windows\System32\svchost.exe[2004] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 01620FD2
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 0161005B
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 01610039
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 01610FEF
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 0161004A
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 01610076
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 01610FCD
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 01610FDE
.text C:\Windows\System32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 0161001E
.text C:\Windows\System32\svchost.exe[2004] WININET.dll!InternetOpenA 7753D690 5 Bytes JMP 019C0FEF
.text C:\Windows\System32\svchost.exe[2004] WININET.dll!InternetOpenW 7753DB09 5 Bytes JMP 019C0FDE
.text C:\Windows\System32\svchost.exe[2004] WININET.dll!InternetOpenUrlA 7753F3A4 5 Bytes JMP 019C0014
.text C:\Windows\System32\svchost.exe[2004] WININET.dll!InternetOpenUrlW 77586DDF 5 Bytes JMP 019C0025
.text C:\Windows\System32\svchost.exe[2004] WS2_32.dll!socket 779636D1 5 Bytes JMP 019D0FE5
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 000A00D8
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 000A00BD
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 000A0F66
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 000A00FD
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 000A0FB7
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 000A0051
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 000A0091
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 000A0FD4
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 000A0F9C
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 000A0080
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 000A0FE5
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 000A00AC
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 000A0118
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 000A0025
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 000A0036
.text C:\Windows\System32\svchost.exe[2264] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 000A0F77
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 000D0047
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!system 774B8B63 5 Bytes JMP 000D002C
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 000D0FCD
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 000D0FEF
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 000D0FBC
.text C:\Windows\System32\svchost.exe[2264] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 000D0FDE
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 000B0FA1
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 000B0039
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 000B0FEF
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 000B0FB2
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 000B005E
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 000B0FCD
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 000B0FDE
.text C:\Windows\System32\svchost.exe[2264] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 000B001E
.text C:\Windows\System32\svchost.exe[2264] WS2_32.dll!socket 779636D1 5 Bytes JMP 000E0FEF
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 001700C6
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 001700B5
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00170F4A
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00170F65
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 00170FC0
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00170047
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 0017009A
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00170FDB
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00170FA5
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 0017007D
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00170062
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00170F8A
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00170F25
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 0017001B
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 0017002C
.text C:\Windows\System32\svchost.exe[2404] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 001700D7
.text C:\Windows\System32\svchost.exe[2404] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00190077
.text C:\Windows\System32\svchost.exe[2404] msvcrt.dll!system 774B8B63 5 Bytes JMP 0019005C
.text C:\Windows\System32\svchost.exe[2404] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 0019003A
.text C:\Windows\System32\svchost.exe[2404] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[2404] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 0019004B
.text C:\Windows\System32\svchost.exe[2404] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00190029
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 0018005B
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 00180040
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 00180FEF
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 00180FB9
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 00180FA8
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 0018002F
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 0018000A
.text C:\Windows\System32\svchost.exe[2404] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 00180FD4
.text C:\Windows\System32\svchost.exe[2404] WS2_32.dll!socket 779636D1 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 000700A2
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00070F5C
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 000700D8
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00070F41
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00070FCA
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00070F9E
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00070F77
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 0007005B
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00070087
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00070F30
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 000700BD
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 000D0FB2
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!system 774B8B63 5 Bytes JMP 000D0FC3
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 000D0FDE
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 000D0033
.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 000A0054
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 000A0FB2
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 000A0065
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 000A0014
.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 000A002F
.text C:\Windows\system32\svchost.exe[2452] WS2_32.dll!socket 779636D1 5 Bytes JMP 00120FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 003F0F3D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 003F0F4E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 003F00A5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 003F0F0E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 003F0F7D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 003F0039
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 003F0F9A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 003F0FBC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 003F0068
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 003F0FAB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 003F0FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 003F0079
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 003F0EE9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 003F0FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 003F0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 003F0014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 003F0094
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 008B0051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 008B0FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 008B0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 008B0040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 008B0076
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 008B001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 008B0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 008B0FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 008D0FC1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] msvcrt.dll!system 774B8B63 5 Bytes JMP 008D0042
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 008D0FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 008D0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 008D0031
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 008D000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2604] WS2_32.dll!socket 779636D1 5 Bytes JMP 008E0FEF
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 008D00C7
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 008D00AC
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 008D00FD
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 008D0F66
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 008D005B
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 008D0FC3
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 008D004A
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 008D0FA8
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 008D0080
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 008D0F8D
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 008D0025
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 008D009B
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 008D0F4B
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 008D000A
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 008D0FD4
.text C:\Windows\system32\svchost.exe[3072] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 008D00EC
.text C:\Windows\system32\svchost.exe[3072] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00900031
.text C:\Windows\system32\svchost.exe[3072] msvcrt.dll!system 774B8B63 5 Bytes JMP 00900FA6
.text C:\Windows\system32\svchost.exe[3072] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 0090000C
.text C:\Windows\system32\svchost.exe[3072] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00900FEF
.text C:\Windows\system32\svchost.exe[3072] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00900FB7
.text C:\Windows\system32\svchost.exe[3072] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00900FDE
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 008F006C
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 008F0051
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 008F0FCA
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 008F0FA5
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 008F002C
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[3072] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\svchost.exe[3072] WS2_32.dll!socket 779636D1 5 Bytes JMP 00CE0000
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!GetStartupInfoW 76B71929 5 Bytes JMP 00050071
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!GetStartupInfoA 76B719C9 5 Bytes JMP 00050060
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreateProcessW 76B71C01 5 Bytes JMP 00050EFF
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreateProcessA 76B71C36 5 Bytes JMP 00050F10
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!VirtualProtect 76B71DD1 5 Bytes JMP 0005003B
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreateNamedPipeW 76B75C44 5 Bytes JMP 00050FB9
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!LoadLibraryExW 76B930C3 5 Bytes JMP 00050F61
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!LoadLibraryW 76B9361F 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!VirtualProtectEx 76B98D7E 5 Bytes JMP 00050F46
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!LoadLibraryExA 76B99469 5 Bytes JMP 00050F7C
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!LoadLibraryA 76B99491 5 Bytes JMP 00050F9E
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreatePipe 76BA0284 5 Bytes JMP 00050F2B
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!GetProcAddress 76BBB8B6 5 Bytes JMP 00050EE4
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreateFileW 76BBCC4E 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreateFileA 76BBCF71 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!CreateNamedPipeA 76C0430E 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[3164] kernel32.dll!WinExec 76C054FF 5 Bytes JMP 0005008C
.text C:\Windows\System32\svchost.exe[3164] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 000B0069
.text C:\Windows\System32\svchost.exe[3164] msvcrt.dll!system 774B8B63 5 Bytes JMP 000B0044
.text C:\Windows\System32\svchost.exe[3164] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 000B0018
.text C:\Windows\System32\svchost.exe[3164] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 000B0FEF
.text C:\Windows\System32\svchost.exe[3164] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 000B0033
.text C:\Windows\System32\svchost.exe[3164] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 000B0FDE
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegCreateKeyExA 76F9B5E7 5 Bytes JMP 000A0FA5
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegCreateKeyA 76F9B8AE 5 Bytes JMP 000A0047
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegOpenKeyA 76FA0BF5 5 Bytes JMP 000A0000
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegCreateKeyW 76FAB83D 5 Bytes JMP 000A0FC0
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegCreateKeyExW 76FABCE1 5 Bytes JMP 000A0F94
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegOpenKeyExA 76FAD4E8 5 Bytes JMP 000A0011
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegOpenKeyW 76FB3CB0 5 Bytes JMP 000A0FE5
.text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!RegOpenKeyExW 76FBF09D 5 Bytes JMP 000A0036

RSIT Log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Megan at 2010-06-05 15:25:22
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 46 GB (16%) free of 294 GB
Total RAM: 3002 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:25:33 PM, on 6/5/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Consumer Input\dca-ua.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Megan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3PG8X3N\RSIT[1].exe
C:\Program Files\trend micro\Megan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ntuser_mssec.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12942 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForMegan.job
C:\Windows\tasks\WebReg Photosmart C7200 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-16 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-01-24 66880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}]
DCA BHO - C:\Program Files\Consumer Input\dca-bho.dll [2010-01-23 214920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
artworks86
Active Member
 
Posts: 4
Joined: June 2nd, 2010, 8:19 pm

Re: Windows, IE and Firefox keep crashing ....

Unread postby artworks86 » June 5th, 2010, 8:55 pm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-10 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-10 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-10 145944]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-06 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"bncsaui.exe"=C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe [2008-10-25 2612616]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-16 198160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Consumer Input Update"=C:\Program Files\Consumer Input\dca-ua.exe [2010-01-23 169864]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
VPN Client.lnk - C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico

C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ntuser_mssec.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-06 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62dff7f6-f0a8-11dd-986d-001f165fca26}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-06-05 15:25:22 ----D---- C:\rsit
2010-06-05 14:34:41 ----D---- C:\Windows\Minidump
2010-06-05 14:26:57 ----D---- C:\Windows\ERDNT
2010-06-05 14:26:14 ----D---- C:\Program Files\ERUNT
2010-06-03 19:43:30 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-02 19:59:29 ----D---- C:\Program Files\Trend Micro
2010-06-01 19:21:25 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-06-01 19:20:17 ----D---- C:\ProgramData\NOS
2010-05-31 12:27:29 ----D---- C:\Program Files\Electronic Arts
2010-05-30 14:58:38 ----D---- C:\Program Files\Common Files\Java
2010-05-30 14:57:39 ----A---- C:\Windows\system32\javaws.exe
2010-05-30 14:57:36 ----A---- C:\Windows\system32\javaw.exe
2010-05-30 14:57:36 ----A---- C:\Windows\system32\java.exe
2010-05-29 19:55:47 ----D---- C:\Windows\pss
2010-05-29 19:54:23 ----A---- C:\Windows\ntbtlog.txt
2010-05-29 15:11:34 ----D---- C:\Program Files\VS Revo Group
2010-05-27 21:13:24 ----D---- C:\ProgramData\DivX
2010-05-27 20:04:56 ----A---- C:\Windows\system32\mstime.dll
2010-05-27 20:04:55 ----A---- C:\Windows\system32\occache.dll
2010-05-27 20:04:53 ----A---- C:\Windows\system32\jsproxy.dll
2010-05-27 20:04:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-05-27 20:04:52 ----A---- C:\Windows\system32\msfeeds.dll
2010-05-27 20:04:52 ----A---- C:\Windows\system32\iepeers.dll
2010-05-27 20:04:51 ----A---- C:\Windows\system32\ieui.dll
2010-05-27 20:04:51 ----A---- C:\Windows\system32\iesetup.dll
2010-05-27 20:04:50 ----A---- C:\Windows\system32\wininet.dll
2010-05-27 20:04:50 ----A---- C:\Windows\system32\iernonce.dll
2010-05-27 20:04:49 ----A---- C:\Windows\system32\msfeedssync.exe
2010-05-27 20:04:49 ----A---- C:\Windows\system32\iertutil.dll
2010-05-27 20:04:49 ----A---- C:\Windows\system32\ie4uinit.exe
2010-05-27 20:04:48 ----A---- C:\Windows\system32\urlmon.dll
2010-05-27 20:04:48 ----A---- C:\Windows\system32\ieUnatt.exe
2010-05-27 20:04:48 ----A---- C:\Windows\system32\iesysprep.dll
2010-05-27 20:04:48 ----A---- C:\Windows\system32\iedkcs32.dll
2010-05-27 20:04:47 ----A---- C:\Windows\system32\ieframe.dll
2010-05-27 20:04:46 ----A---- C:\Windows\system32\mshtml.dll
2010-05-27 20:03:24 ----A---- C:\Windows\system32\mshtmled.dll
2010-05-27 20:03:24 ----A---- C:\Windows\system32\icardie.dll
2010-05-27 20:03:23 ----A---- C:\Windows\system32\mshtmler.dll
2010-05-27 20:03:23 ----A---- C:\Windows\system32\admparse.dll
2010-05-27 20:03:22 ----A---- C:\Windows\system32\msls31.dll
2010-05-27 20:03:21 ----A---- C:\Windows\system32\corpol.dll
2010-05-27 20:03:20 ----A---- C:\Windows\system32\imgutil.dll
2010-05-27 20:03:20 ----A---- C:\Windows\system32\ieakeng.dll
2010-05-27 20:03:20 ----A---- C:\Windows\system32\dxtrans.dll
2010-05-27 20:03:20 ----A---- C:\Windows\system32\dxtmsft.dll
2010-05-27 20:03:19 ----A---- C:\Windows\system32\licmgr10.dll
2010-05-27 20:03:19 ----A---- C:\Windows\system32\inseng.dll
2010-05-27 20:03:19 ----A---- C:\Windows\system32\ieaksie.dll
2010-05-27 20:03:18 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-05-27 20:03:18 ----A---- C:\Windows\system32\wextract.exe
2010-05-27 20:03:18 ----A---- C:\Windows\system32\webcheck.dll
2010-05-27 20:03:18 ----A---- C:\Windows\system32\msrating.dll
2010-05-27 20:03:18 ----A---- C:\Windows\system32\ieakui.dll
2010-05-27 20:03:17 ----A---- C:\Windows\system32\pngfilt.dll
2010-05-27 20:03:17 ----A---- C:\Windows\system32\advpack.dll
2010-05-27 20:03:10 ----A---- C:\Windows\system32\vbscript.dll
2010-05-27 20:03:10 ----A---- C:\Windows\system32\jscript.dll
2010-05-27 20:03:10 ----A---- C:\Windows\system32\ieapfltr.dll
2010-05-27 20:03:09 ----A---- C:\Windows\system32\url.dll
2010-05-27 20:03:05 ----A---- C:\Windows\system32\mshta.exe
2010-05-27 20:03:05 ----A---- C:\Windows\system32\iexpress.exe
2010-05-27 20:03:04 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-05-27 20:03:04 ----A---- C:\Windows\system32\SetDepNx.exe
2010-05-27 20:03:04 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-05-27 20:03:04 ----A---- C:\Windows\system32\PDMSetup.exe
2010-05-27 00:19:06 ----A---- C:\Windows\system32\nshhttp.dll
2010-05-27 00:18:41 ----A---- C:\Windows\system32\httpapi.dll
2010-05-27 00:13:00 ----A---- C:\Windows\system32\wkssvc.dll
2010-05-27 00:12:55 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-05-27 00:12:53 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-05-27 00:12:53 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-05-27 00:12:53 ----A---- C:\Windows\system32\RMActivate.exe
2010-05-27 00:12:52 ----A---- C:\Windows\system32\secproc_isv.dll
2010-05-27 00:12:52 ----A---- C:\Windows\system32\secproc.dll
2010-05-27 00:12:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-05-27 00:12:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-05-27 00:12:49 ----A---- C:\Windows\system32\msdrm.dll
2010-05-27 00:12:39 ----A---- C:\Windows\system32\EncDec.dll
2010-05-27 00:12:34 ----A---- C:\Windows\system32\psisdecd.dll
2010-05-27 00:12:07 ----A---- C:\Windows\system32\netiohlp.dll
2010-05-27 00:12:04 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-05-27 00:12:04 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-05-27 00:12:04 ----A---- C:\Windows\system32\finger.exe
2010-05-27 00:12:04 ----A---- C:\Windows\system32\ARP.EXE
2010-05-27 00:12:02 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-05-27 00:12:01 ----A---- C:\Windows\system32\ROUTE.EXE
2010-05-27 00:12:01 ----A---- C:\Windows\system32\MRINFO.EXE
2010-05-27 00:11:59 ----A---- C:\Windows\system32\netevent.dll
2010-05-27 00:10:50 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-05-27 00:10:50 ----A---- C:\Windows\system32\mf.dll
2010-05-27 00:10:40 ----A---- C:\Windows\system32\wmpdxm.dll
2010-05-27 00:10:20 ----A---- C:\Windows\system32\wmp.dll
2010-05-27 00:10:18 ----A---- C:\Windows\system32\unregmp2.exe
2010-05-27 00:10:13 ----A---- C:\Windows\system32\spwmp.dll
2010-05-27 00:10:10 ----A---- C:\Windows\system32\dxmasf.dll
2010-05-27 00:10:08 ----A---- C:\Windows\system32\wmploc.DLL
2010-05-27 00:09:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-05-27 00:09:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-05-27 00:09:34 ----A---- C:\Windows\system32\quartz.dll
2010-05-27 00:09:33 ----A---- C:\Windows\system32\msvidc32.dll
2010-05-27 00:09:32 ----A---- C:\Windows\system32\msrle32.dll
2010-05-27 00:09:31 ----A---- C:\Windows\system32\tsbyuv.dll
2010-05-27 00:09:31 ----A---- C:\Windows\system32\msyuv.dll
2010-05-27 00:09:31 ----A---- C:\Windows\system32\iyuv_32.dll
2010-05-27 00:09:31 ----A---- C:\Windows\system32\avifil32.dll
2010-05-27 00:09:29 ----A---- C:\Windows\system32\mciavi32.dll
2010-05-27 00:09:28 ----A---- C:\Windows\system32\msvfw32.dll
2010-05-27 00:09:28 ----A---- C:\Windows\system32\avicap32.dll
2010-05-27 00:09:22 ----A---- C:\Windows\system32\rpcrt4.dll
2010-05-27 00:09:17 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-05-27 00:09:06 ----A---- C:\Windows\system32\tzres.dll
2010-05-27 00:08:37 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-05-27 00:08:28 ----A---- C:\Windows\system32\wlanmsm.dll
2010-05-27 00:08:27 ----A---- C:\Windows\system32\wlansec.dll
2010-05-27 00:08:27 ----A---- C:\Windows\system32\L2SecHC.dll
2010-05-27 00:08:25 ----A---- C:\Windows\system32\wlansvc.dll
2010-05-27 00:08:19 ----A---- C:\Windows\system32\wdigest.dll
2010-05-27 00:08:19 ----A---- C:\Windows\system32\msv1_0.dll
2010-05-27 00:08:18 ----A---- C:\Windows\system32\lsasrv.dll
2010-05-27 00:08:15 ----A---- C:\Windows\system32\secur32.dll
2010-05-27 00:08:15 ----A---- C:\Windows\system32\lsass.exe
2010-05-27 00:08:08 ----A---- C:\Windows\system32\t2embed.dll
2010-05-27 00:08:08 ----A---- C:\Windows\system32\fontsub.dll
2010-05-27 00:08:08 ----A---- C:\Windows\system32\atmfd.dll
2010-05-27 00:08:05 ----A---- C:\Windows\system32\dciman32.dll
2010-05-27 00:07:59 ----A---- C:\Windows\system32\mstscax.dll
2010-05-27 00:07:54 ----A---- C:\Windows\system32\msxml6.dll
2010-05-27 00:07:54 ----A---- C:\Windows\system32\msxml3.dll
2010-05-27 00:07:37 ----A---- C:\Windows\system32\wintrust.dll
2010-05-27 00:07:33 ----A---- C:\Windows\system32\msasn1.dll
2010-05-27 00:07:28 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-27 00:07:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-05-27 00:07:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-05-27 00:06:52 ----A---- C:\Windows\system32\rastls.dll
2010-05-27 00:06:52 ----A---- C:\Windows\system32\raschap.dll
2010-05-27 00:06:47 ----A---- C:\Windows\system32\localspl.dll
2010-05-27 00:06:42 ----A---- C:\Windows\system32\WSDApi.dll
2010-05-27 00:06:33 ----A---- C:\Windows\system32\cabview.dll
2010-05-27 00:06:31 ----A---- C:\Windows\system32\atl.dll
2010-05-24 21:44:27 ----D---- C:\ProgramData\Sun
2010-05-24 21:43:50 ----A---- C:\Windows\system32\deployJava1.dll
2010-05-23 20:03:26 ----A---- C:\Windows\system32\wups2.dll
2010-05-23 20:03:26 ----A---- C:\Windows\system32\wucltux.dll
2010-05-23 20:03:26 ----A---- C:\Windows\system32\wuaueng.dll
2010-05-23 20:03:26 ----A---- C:\Windows\system32\wuauclt.exe
2010-05-23 20:02:28 ----A---- C:\Windows\system32\wups.dll
2010-05-23 20:02:28 ----A---- C:\Windows\system32\wudriver.dll
2010-05-23 20:02:28 ----A---- C:\Windows\system32\wuapi.dll
2010-05-23 20:02:12 ----A---- C:\Windows\system32\wuwebv.dll
2010-05-23 20:02:12 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2010-06-05 15:25:28 ----D---- C:\Windows\Temp
2010-06-05 15:21:26 ----A---- C:\ProgramData\hpqp.ini
2010-06-05 15:21:25 ----D---- C:\Program Files\Common Files\Akamai
2010-06-05 15:18:53 ----D---- C:\Windows
2010-06-05 14:26:14 ----D---- C:\Program Files
2010-06-05 13:47:39 ----D---- C:\Windows\Tasks
2010-06-05 13:47:39 ----D---- C:\Windows\system32\Tasks
2010-06-05 09:49:55 ----SD---- C:\Windows\Downloaded Program Files
2010-06-05 09:49:08 ----SHD---- C:\System Volume Information
2010-06-04 15:17:54 ----SHD---- C:\Windows\Installer
2010-06-04 15:17:54 ----HD---- C:\Config.Msi
2010-06-03 22:24:42 ----D---- C:\Quarantine
2010-06-02 20:02:28 ----D---- C:\Windows\Prefetch
2010-06-02 19:59:30 ----SD---- C:\Users\Megan\AppData\Roaming\Microsoft
2010-06-01 22:08:46 ----D---- C:\Windows\system32\WDI
2010-06-01 19:27:22 ----D---- C:\Windows\system32\catroot2
2010-06-01 19:23:07 ----D---- C:\Program Files\Common Files\Adobe
2010-06-01 19:22:17 ----D---- C:\Program Files\Adobe
2010-06-01 19:22:00 ----D---- C:\Windows\System32
2010-06-01 19:21:25 ----D---- C:\Program Files\Common Files
2010-06-01 19:20:17 ----HD---- C:\ProgramData
2010-05-31 22:48:58 ----D---- C:\Windows\inf
2010-05-31 22:48:58 ----D---- C:\SWSetup
2010-05-31 22:48:50 ----D---- C:\Windows\system32\catroot
2010-05-31 22:48:49 ----D---- C:\Windows\system32\drivers
2010-05-31 22:44:34 ----D---- C:\Program Files\CONEXANT
2010-05-28 12:19:53 ----RSD---- C:\Windows\assembly
2010-05-28 12:19:50 ----D---- C:\ProgramData\Autodesk
2010-05-28 12:19:50 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-05-28 12:19:49 ----RSD---- C:\Windows\Fonts
2010-05-28 12:11:47 ----D---- C:\Program Files\Common Files\AOL
2010-05-28 12:10:27 ----D---- C:\Program Files\MyPoints Toolbar 2.0
2010-05-28 12:07:40 ----D---- C:\Program Files\Java
2010-05-27 21:48:34 ----D---- C:\Users\Megan\AppData\Roaming\DivX
2010-05-27 21:39:04 ----D---- C:\Windows\rescache
2010-05-27 21:34:40 ----D---- C:\Windows\Microsoft.NET
2010-05-27 21:20:55 ----D---- C:\Program Files\Microsoft Silverlight
2010-05-27 21:18:46 ----D---- C:\Windows\system32\en-US
2010-05-27 21:18:40 ----D---- C:\Program Files\Windows Mail
2010-05-27 21:18:34 ----D---- C:\Program Files\Movie Maker
2010-05-27 21:18:32 ----D---- C:\Windows\ehome
2010-05-27 21:18:29 ----D---- C:\Program Files\Internet Explorer
2010-05-27 21:18:28 ----D---- C:\Windows\system32\migration
2010-05-27 21:18:24 ----D---- C:\Windows\PolicyDefinitions
2010-05-27 21:17:24 ----D---- C:\Program Files\DivX
2010-05-27 21:15:22 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-05-27 21:14:50 ----D---- C:\Program Files\Common Files\DivX Shared
2010-05-27 20:44:49 ----D---- C:\Windows\winsxs
2010-05-27 20:40:18 ----D---- C:\ProgramData\Microsoft Help
2010-05-27 20:34:33 ----D---- C:\Program Files\Microsoft Works
2010-05-27 20:12:34 ----D---- C:\Program Files\Common Files\microsoft shared
2010-05-27 20:09:08 ----A---- C:\Windows\win.ini
2010-05-27 20:09:07 ----D---- C:\Program Files\Common Files\System
2010-05-27 01:01:33 ----D---- C:\Windows\AppPatch
2010-05-27 01:01:14 ----D---- C:\Program Files\Windows Media Player
2010-05-26 23:21:51 ----D---- C:\Windows\SoftwareDistribution
2010-05-25 21:51:26 ----SD---- C:\ProgramData\Microsoft
2010-05-24 20:05:48 ----A---- C:\ProgramData\hpqp.txt
2010-05-21 14:57:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-19 01:53:08 ----D---- C:\Windows\system32\LogFiles
2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-04-17 306299]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-06 2378752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 mfeapfk;McAfee Inc.; C:\Windows\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-09-19 61952]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 BNPagent;Bradford Persistent Agent Service; C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe [2008-10-25 2940296]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-20 1045256]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


RSIT Info:
info.txt logfile of random's system information tool 1.06 2010-06-05 15:25:35

======Uninstall list======

-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Big City Adventures San Francisco\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud 3\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\JoJo's Fashion Show\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 4 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\55230b0b70661df0f212e88f0b655f7\Setup.exe --uninstall=1
Adobe Creative Suite 4 Design Premium-->MsiExec.exe /I{A2881E09-38DB-4F79-9135-00FDA01768A7}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{A128921B-D03F-4BFB-8141-C365AA48D660}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BabyLuv-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{102A6C9B-874C-4C79-AE58-5C8D65855F70}\Setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bradford Persistent Agent-->MsiExec.exe /X{3F07C6C9-29E9-485B-A833-BFA5B756DC31}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Cisco Systems VPN Client 5.0.03.0530-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EasyInfo-->MsiExec.exe /I{8CAE7CB3-B7C0-41A2-B2E3-9BD16124A091}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"
Free DVD Ripper Version 2.25-->"C:\Program Files\Free DVD Ripper\unins000.exe"
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0118-->MsiExec.exe /I{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{846DDADA-0239-4B67-A6B1-33658863793B}\setup.exe" -l0x9 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Juno Preloader-->MsiExec.exe /X{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money 2007-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 8.0 Support DLLs-->MsiExec.exe /X{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Monkey-->C:\PROGRA~1\RHINOC~1.0\Plug-ins\Monkey\UNWISE.EXE C:\PROGRA~1\RHINOC~1.0\Plug-ins\Monkey\INSTALL.LOG
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZero Preloader-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OneNote Web Exporter (0.5.0)-->MsiExec.exe /I{B6604A34-B5A6-46F3-892C-D98A8F6E83A9}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RarZilla Free Unrar 2.53-->C:\Program Files\RarZilla Free Unrar\uninstall.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Revo Uninstaller 1.88-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody MP3 Download Manager-->MsiExec.exe /I{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}
Rhinoceros 4.0 Evaluation-->MsiExec.exe /I{CCBC3666-5199-4702-B052-2C58FCA6EFF9}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: McAfee VirusScan Enterprise
AS: Windows Defender

======System event log======

Computer Name: Megan-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 108239
Source Name: Service Control Manager
Time Written: 20100605192039.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 108281
Source Name: Service Control Manager
Time Written: 20100605192100.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 7031
Message: The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Record Number: 108282
Source Name: Service Control Manager
Time Written: 20100605192100.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
mfetdik
Record Number: 108284
Source Name: Service Control Manager
Time Written: 20100605192101.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 7034
Message: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
Record Number: 108299
Source Name: Service Control Manager
Time Written: 20100605192248.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Megan-PC
Event Code: 1010
Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Record Number: 35672
Source Name: Microsoft-Windows-Perflib
Time Written: 20100605185725.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 35694
Source Name: Microsoft-Windows-WMI
Time Written: 20100605191429.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 35729
Source Name: Microsoft-Windows-WMI
Time Written: 20100605192039.000000-000
Event Type: Error
User:

Computer Name: Megan-PC
Event Code: 5051
Message: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated. Thread id : 3384 (0xd38)
Thread address : 0x77109A94
Thread message :

Build VSCORE.13.3.2.125 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Users\Megan\Desktop\AutoCAD_2011_EFSB_Win_32bit.exe
by C:\Windows\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Record Number: 35734
Source Name: McLogEvent
Time Written: 20100605192247.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Megan-PC
Event Code: 1008
Message: The McShield service terminated unexpectedly.
Please review event 5019 or 5051 for details. The McShield service will be restarted in 5 seconds;
Record Number: 35735
Source Name: McLogEvent
Time Written: 20100605192247.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Megan-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 38441
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100605192531.735940-000
Event Type: Audit Failure
User:

Computer Name: Megan-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 38442
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100605192531.824940-000
Event Type: Audit Failure
User:

Computer Name: Megan-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 38443
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100605192531.905940-000
Event Type: Audit Failure
User:

Computer Name: Megan-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 38444
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100605192532.004940-000
Event Type: Audit Failure
User:

Computer Name: Megan-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 38445
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100605192532.127940-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"VSEDEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"DEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


As for my problems:
- I am still receiving error80072EFD when I try to install Windows Updates.
- Windows still crashes on me randomly.
- I seem to have no more problems with Java applications in Windows, but still can't run them in Firefox, it just freezes and shuts down.

Again, thanks for your help. I look forward to your next post.
artworks86
Active Member
 
Posts: 4
Joined: June 2nd, 2010, 8:19 pm

Re: Windows, IE and Firefox keep crashing ....

Unread postby Gary R » June 7th, 2010, 8:27 am

I see you are posting for help for a computer that is used for business purposes.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
User avatar
Gary R
Administrator
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 64 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware