Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijack this log

Post by hillbear66 » June 16th, 2011, 12:07 pm

My internet has been running unbearably slow. Just wondering if something was up.
My Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:42 PM, on 6/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\twain_32\Dell\DELL2145\Scan2Pc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan hill.BEAR\My Documents\Downloads\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O1 - Hosts: 64.71.248.152 download.mcafee.com
O1 - Hosts: 64.208.176.57 download.mcafee.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110519174214.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O2 - BHO: Updater For Xfinity.com Toolbar 3.5 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Dell PanelMgr] C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [2145cn Scan2PC] "C:\WINDOWS\twain_32\Dell\DELL2145\Scan2Pc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 11041 bytes
hillbear66
Active Member
 
Posts: 4
Joined: June 16th, 2011, 12:02 pm

Re: Hijack this log

Post by melboy » June 18th, 2011, 10:40 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=============================================


DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear; this is normal.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.

Re-enable any real-time protection you disabled during the running of DDS.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Hijack this log

Post by melboy » June 20th, 2011, 4:04 pm

Hi hillbear66

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Hijack this log

Post by hillbear66 » June 20th, 2011, 4:23 pm

Sorry for the wait. Thanks for the help.

DDS.txt
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Run by Bryan hill at 16:12:14 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.321 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe
C:\WINDOWS\twain_32\Dell\DELL2145\Scan2Pc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\PROGRA~1\MICROS~2\OFFICE11\POWERPNT.EXE
C:\PROGRA~1\MICROS~2\Office12\PPCNVCOM.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110519174214.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
BHO: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Dell PanelMgr] c:\windows\dell\panelmgr\SSMMgr.exe /autorun
mRun: [2145cn Scan2PC] "c:\windows\twain_32\dell\dell2145\Scan2Pc.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 216.162.32.20 216.162.47.250
TCP: Interfaces\{5B159A68-FAB9-450B-BCCD-6502436FDF22} : DhcpNameServer = 68.87.64.230 68.87.66.234
TCP: Interfaces\{9CFDA324-344A-44BD-B777-B5592465DD98} : DhcpNameServer = 216.162.32.20 216.162.47.250
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 64.71.248.152 download.mcafee.com
Hosts: 64.208.176.57 download.mcafee.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bryan hill.bear\application data\mozilla\firefox\profiles\2vdtbash.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bryan hill.bear\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-6 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-6 84200]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-22 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-6 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-6 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-6 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-6 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-6 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-6 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-22 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-6 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-6 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-6 88736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-31 136176]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-6 271480]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-31 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-6 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-6 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-6 84488]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2011-5-16 17536]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-8-27 2385896]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]
.
=============== Created Last 30 ================
.
2011-06-17 12:49:21 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-05-27 02:27:01 -------- d-----w- c:\program files\common files\xing shared
2011-05-27 02:24:02 -------- d-----w- c:\windows\SxsCaPendDel
2011-05-24 13:09:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 02:24:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-27 02:24:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 18:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 18:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 18:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 18:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 16:14:19.78 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/8/2009 12:16:39 AM
System Uptime: 6/20/2011 12:30:38 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 52 GiB total, 11.553 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP586: 4/14/2011 10:21:59 PM - System Checkpoint
RP587: 4/15/2011 3:02:12 AM - Software Distribution Service 3.0
RP588: 4/16/2011 3:33:05 AM - System Checkpoint
RP589: 4/17/2011 3:37:34 AM - System Checkpoint
RP590: 4/18/2011 4:37:41 AM - System Checkpoint
RP591: 4/18/2011 9:02:10 AM - PC Health Advisor Backup
RP592: 4/20/2011 2:58:36 AM - System Checkpoint
RP593: 4/20/2011 7:46:18 PM - Installed Windows Media Player 11
RP594: 4/20/2011 7:47:13 PM - Software Distribution Service 3.0
RP595: 4/21/2011 2:35:39 AM - Removed WinZip 12.1
RP596: 4/21/2011 2:36:55 AM - Installed WinZip 15.5
RP597: 4/21/2011 3:00:32 AM - Software Distribution Service 3.0
RP598: 4/22/2011 3:30:52 AM - System Checkpoint
RP599: 4/22/2011 7:12:09 AM - PC Health Advisor Backup
RP600: 4/23/2011 7:58:03 AM - System Checkpoint
RP601: 4/24/2011 8:58:06 AM - System Checkpoint
RP602: 4/25/2011 9:13:28 AM - System Checkpoint
RP603: 4/25/2011 9:40:00 AM - PC Health Advisor Backup
RP604: 4/26/2011 10:13:32 AM - System Checkpoint
RP605: 4/27/2011 12:04:32 PM - System Checkpoint
RP606: 4/28/2011 3:00:23 AM - Software Distribution Service 3.0
RP607: 4/29/2011 3:13:34 AM - System Checkpoint
RP608: 4/30/2011 3:15:13 AM - System Checkpoint
RP609: 5/1/2011 4:02:48 AM - System Checkpoint
RP610: 5/2/2011 2:18:30 AM - PC Health Advisor Backup
RP611: 5/3/2011 2:59:14 AM - System Checkpoint
RP612: 5/4/2011 5:02:01 AM - System Checkpoint
RP613: 5/4/2011 9:33:03 PM - Software Distribution Service 3.0
RP614: 5/6/2011 1:58:19 AM - PC Health Advisor Backup
RP615: 5/7/2011 2:43:15 AM - System Checkpoint
RP616: 5/8/2011 3:42:59 AM - System Checkpoint
RP617: 5/9/2011 4:26:34 AM - System Checkpoint
RP618: 5/9/2011 2:32:47 PM - PC Health Advisor Backup
RP619: 5/11/2011 12:04:27 PM - System Checkpoint
RP620: 5/12/2011 3:00:42 AM - Software Distribution Service 3.0
RP621: 5/13/2011 3:28:27 PM - Installed Comcast Desktop Software (v1.2.0.9)
RP622: 5/14/2011 4:18:36 PM - System Checkpoint
RP623: 5/15/2011 4:31:30 PM - System Checkpoint
RP624: 5/16/2011 8:12:00 AM - PC Health Advisor Backup
RP625: 5/16/2011 11:44:11 AM - PC Health Advisor Backup
RP626: 5/18/2011 12:23:49 PM - System Checkpoint
RP627: 5/19/2011 1:49:47 PM - Printer Driver Dell 2145cn Color Laser MFP Installed
RP628: 5/19/2011 1:50:38 PM - Printer Driver Dell 2145cn Color Laser MFP PS Installed
RP629: 5/19/2011 1:51:13 PM - Installed InstallShield Restore Point
RP630: 5/19/2011 1:51:22 PM - Installed InstallShield Restore Point
RP631: 5/19/2011 1:52:32 PM - Installed SetIP
RP632: 5/19/2011 1:52:52 PM - Installed InstallShield Restore Point
RP633: 5/19/2011 1:53:07 PM - Installed InstallShield Restore Point
RP634: 5/19/2011 1:53:38 PM - Installed Dell
RP635: 5/23/2011 12:55:41 PM - System Checkpoint
RP636: 5/24/2011 1:17:01 PM - System Checkpoint
RP637: 5/25/2011 1:24:30 PM - System Checkpoint
RP638: 5/26/2011 11:47:11 PM - System Checkpoint
RP639: 5/27/2011 7:41:36 AM - PC Health Advisor Backup
RP640: 5/28/2011 10:53:06 PM - System Checkpoint
RP641: 6/1/2011 9:29:08 AM - System Checkpoint
RP642: 6/2/2011 12:17:19 PM - System Checkpoint
RP643: 6/6/2011 2:20:30 PM - System Checkpoint
RP644: 6/8/2011 12:39:54 AM - System Checkpoint
RP645: 6/9/2011 1:33:45 AM - System Checkpoint
RP646: 6/10/2011 4:42:31 PM - System Checkpoint
RP647: 6/13/2011 12:29:11 PM - System Checkpoint
RP648: 6/16/2011 11:32:15 AM - Removed CA Pest Patrol Realtime Protection
RP649: 6/16/2011 11:35:09 AM - Removed Comcast Desktop Software (v1.2.0.9)
RP650: 6/16/2011 11:37:14 AM - Removed Desktop Doctor
RP651: 6/16/2011 11:51:22 AM - Removed Complete Package for Botulism in Argentina Computer-based Case Study
RP652: 6/20/2011 9:13:00 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint Plus
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Amazon Kindle For PC v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Compatibility Pack for the 2007 Office system
Dell 2145cn Color Laser MFP
Dell Driver Download Manager
Dell ResourceCD
Emperor: Battle For Dune
EPSON CardMonitor
EPSON Copy Utility 3
EPSON CX6600 Reference Guide
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
Eusing Free Registry Cleaner
File Uploader
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 16
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee SpamKiller
McAfee Virtual Technician
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft LifeCam
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Mozilla Firefox 4.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
mWlsSafe
mXML
mZConfig
Nikon Message Center
Nikon Transfer
OGA Notifier 2.0.0048.0
ParetoLogic PC Health Advisor
Picture Control Utility
Power Tab Editor 1.7
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
The Movies(TM)
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX
VKC180 Photo Viewer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 15.5
Write-N-Cite
Xfinity.com Toolbar 3.5
XoftSpySE
.
==== Event Viewer Messages From Past Week ========
.
6/20/2011 12:34:18 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/13/2011 9:07:00 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
6/13/2011 9:05:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
6/13/2011 9:05:49 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
6/13/2011 9:05:49 AM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2011 9:05:49 AM, error: Service Control Manager [7000] - The ASCTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Re: Hijack this log

Post by melboy » June 20th, 2011, 6:25 pm

Hi

There doesn't appear to be much wrong there. Is the computer slow as a whole or just the Internet?


TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • When GMER opens, it will run an initial quick scan. This should only take a few seconds; allow it to complete.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.



In your next reply:
  1. MBAM log
  2. ESET log
  3. GMER log

Re: Hijack this log

Post by hillbear66 » June 21st, 2011, 3:36 pm

Pretty much everything is slow. It takes 10-15 minutes for my computer to start up. I had ParetoLogic's PC Health Advisor for 2 years and XoftSpySE for the same time. They just expired last week, but my computer has been slowing down for months. It is killing my productivity. I have to wait at least a minute every time I want to change a tab or open a new page.

MBAM log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6909

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2011 10:03:12 AM
mbam-log-2011-06-21 (10-03-12).txt

Scan type: Quick scan
Objects scanned: 218736
Time elapsed: 20 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=bf42454238833a479edb14e5421d31c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-21 04:02:02
# local_time=2011-06-21 12:02:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 2738116 37820117 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=86185
# found=0
# cleaned=0
# scan_time=6124

GMER Log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-21 15:28:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AH rev.00000096
Running: nosrtotw.exe; Driver: C:\DOCUME~1\BRYANH~1.BEA\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF726C210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF726C224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF726C250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF726C2A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF726C1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF726C1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF726C1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF726C23A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF726C27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF726C266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF726C2D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF726C2BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF726C290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E60FC3
.text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E5000A
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F77
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E5006C
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E5005B
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E5004A
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50FB9
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E50F38
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F55
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E50F13
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E500A2
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E500C7
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50FA8
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E5001B
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F66
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FD4
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E50091
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00990025
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00990F79
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00990FD4
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00990FEF
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00990F94
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0099000A
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00990FAF
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B9, 88]
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00990036
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00980FA8
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!system 77C293C7 5 Bytes JMP 00980FB9
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00980FDE
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00980FEF
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00980029
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00980018
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00960000
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00960011
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00960022
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 0096003D
.text C:\WINDOWS\Explorer.EXE[256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00970FEF
.text C:\WINDOWS\System32\svchost.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 022C0000
.text C:\WINDOWS\System32\svchost.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 022C0FE5
.text C:\WINDOWS\System32\svchost.exe[284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 022C001B
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 021C0FEF
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 021C0067
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 021C0F72
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 021C004C
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 021C002F
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 021C0F97
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 021C0F57
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 021C009F
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 021C0F2B
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 021C0F3C
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 021C00DF
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 021C001E
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 021C0FDE
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 021C0082
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 021C0FB2
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 021C0FC3
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 021C00BA
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F9E
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0025
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0014
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0065
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FC3
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0033
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FA8
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FC3
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c691b97d
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0010c691b97d (not active ControlSet)

---- EOF - GMER 1.0.15 ----
hillbear66
Active Member
 
Posts: 4
Joined: June 16th, 2011, 12:02 pm

Re: Hijack this log

Unread postby melboy » June 21st, 2011, 4:17 pm

Hi


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself



Not a malware issue

At this stage your machine looks to be clean of malware, so the continued problems you are experiencing are not likely to be malware-related. As this forum specializes in malware removal, the best and fastest solution for you may be to post on a general PC troubleshooting forum.

These sites have a variety of experts who are better equipped to investigate and resolve these kinds of issues.

Below are some recommended sites. Registration is free and only takes a few minutes. :)

The Elder Geek on Windows
BleepingComputer.com
WhattheTech

Please see this guide: What to do if your Computer is running slowly

I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance with malware-related issues, please let me know.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Hijack this log

Post by hillbear66 » June 21st, 2011, 4:36 pm

I appreciate the help. Thanks.
hillbear66
Active Member
 
Posts: 4
Joined: June 16th, 2011, 12:02 pm

Re: Hijack this log

Post by melboy » June 21st, 2011, 4:42 pm

You're welcome.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Hijack this log

Post by NonSuch » June 21st, 2011, 5:30 pm

As this issue does not involve malware and therefore falls outside the scope of this forum, this topic is now closed.

NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California