Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Windows Media Player problem

by pcidiot » November 11th, 2008, 5:06 pm

I need help with my PC. I keep having Windows Media Player pop up all by itself; also, once in a while the Sticky Keys window will pop up as well, and so will a search window, all of these without me doing anything. So here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:27 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?N=A
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -n QB_GINA-A6C6A0127C_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\DOCUME~1\ginam\LOCALS~1\APPLIC~1\Intuit\QUICKB~1\Log\DBSTAR~1.LOG -y
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 4595 bytes

Thanks so much for any help!
pcidiot

Re: Windows Media Player problem

by silver » November 14th, 2008, 11:40 pm

Hi pcidiot,

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open: log.txt (this one will be maximized) and info.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

Once complete, please post both RSIT logs; you won't need to produce a new HijackThis log, as RSIT produces one for you.
silver

Re: Windows Media Player problem

by pcidiot » November 17th, 2008, 2:46 pm

Here ya go, this is long :?

Logfile of random's system information tool 1.04 (written by random/random)
Run by ginam at 2008-11-17 10:38:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (34%) free of 73 GB
Total RAM: 958 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:18 AM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\ginam\My Documents\Ginas pics\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ginam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?N=A
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -n QB_GINA-A6C6A0127C_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\DOCUME~1\ginam\LOCALS~1\APPLIC~1\Intuit\QUICKB~1\Log\DBSTAR~1.LOG -y
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 4807 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickBooksDB17"=C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe [2006-09-13 128536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\setup\HPZNUI01.EXE"="D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe"="C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe:*:Enabled:QuickBooks Database Server Manager"
"C:\Program Files\Intuit\QuickBooks 2007\QBW32PremierContractor.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBW32PremierContractor.exe:*:Enabled:QuickBooks Premier - Contractor Edition 2007"
"D:\Windows Utilities\Installer32\InstallationManager.exe"="D:\Windows Utilities\Installer32\InstallationManager.exe:*:Enabled:Xerox Windows Common Installer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\setup\HPZnet01.exe"="D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"D:\setup\hponicifs01.exe"="D:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe:*:Enabled:HP Solution Center"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad92b466-7371-11dc-a20f-00188b6c406c}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22250ac-658c-11dd-a29e-00188b6c406c}]
shell\AutoRun\command - E:\raklaunch.exe


======List of files/folders created in the last 2 months======

2008-11-17 10:38:10 ----D---- C:\rsit
2008-11-12 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-04 11:03:44 ----D---- C:\Program Files\Trend Micro
2008-10-31 08:57:23 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-30 14:32:49 ----D---- C:\Program Files\Windows Sidebar
2008-10-30 14:32:40 ----D---- C:\Program Files\Norton AntiVirus
2008-10-30 12:33:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-10-30 12:29:42 ----D---- C:\Program Files\McAfee.com
2008-10-30 12:29:31 ----D---- C:\Program Files\Common Files\McAfee
2008-10-30 12:29:18 ----D---- C:\Program Files\McAfee
2008-10-30 12:17:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-10-30 07:54:27 ----A---- C:\WINDOWS\system32\SymRedir.dll
2008-10-30 07:54:27 ----A---- C:\WINDOWS\system32\SymNeti.dll
2008-10-24 02:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

======List of files/folders modified in the last 2 months======

2008-11-17 10:38:12 ----D---- C:\WINDOWS\Temp
2008-11-17 10:37:23 ----D---- C:\WINDOWS\Prefetch
2008-11-17 10:23:41 ----D---- C:\WINDOWS\system32
2008-11-17 09:15:24 ----SHD---- C:\WINDOWS\Installer
2008-11-17 09:15:24 ----HD---- C:\Config.Msi
2008-11-17 09:06:14 ----D---- C:\WINDOWS
2008-11-12 03:02:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 03:02:05 ----D---- C:\WINDOWS\system32\drivers
2008-11-12 03:02:02 ----HD---- C:\WINDOWS\inf
2008-11-12 03:02:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:02:00 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:00:44 ----D---- C:\WINDOWS\WinSxS
2008-11-11 20:13:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-11 17:14:39 ----A---- C:\WINDOWS\hpbafd.ini
2008-11-11 11:12:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 11:51:10 ----D---- C:\WINDOWS\system32\DLA
2008-11-04 11:03:44 ----RD---- C:\Program Files
2008-11-03 16:14:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 14:24:54 ----D---- C:\Program Files\Windows Media Player
2008-11-03 12:35:20 ----SHD---- C:\System Volume Information
2008-11-03 09:39:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-03 09:08:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 11:03:23 ----A---- C:\WINDOWS\win.ini
2008-10-31 02:03:52 ----D---- C:\Program Files\MyWebSearch
2008-10-31 02:03:52 ----D---- C:\Program Files\Internet Explorer
2008-10-30 14:51:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-30 14:45:25 ----D---- C:\WINDOWS\system32\config
2008-10-30 14:45:04 ----D---- C:\WINDOWS\system32\wbem
2008-10-30 14:45:04 ----D---- C:\WINDOWS\Registration
2008-10-30 12:30:02 ----SD---- C:\WINDOWS\Tasks
2008-10-30 12:29:31 ----D---- C:\Program Files\Common Files
2008-10-30 07:57:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-24 09:51:57 ----D---- C:\WINDOWS\Minidump
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 09:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080828.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080901.021\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080901.021\NAVEX15.SYS []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Netcom3;NetCom3 Service; C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-07-10 1251720]
S4 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
S4 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-03-18 20480]
S4 QuickBooksDB17;QuickBooksDB17; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-17 10:38:21

======Uninstall list======

-->C:\Program Files\HP\Digital Imaging\{1EB321CB-3D1D-4cf2-ACB5-9F20874B8E69}\setup\hpzscr01.exe -datfile hpwscr05.dat
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MPM-->MsiExec.exe /X{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickBooks Premier: Contractor Edition 2007-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="contractor" QBFULLNAME="QuickBooks Premier: Contractor Edition 2007" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{55584E16-4D70-44EE-93DD-F144E8B7D4B7}
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xerox Support Centre-->C:\Program Files\Xerox\Support Centre\supportuninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -n QB_GINA-A6C6A0127C_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\DOCUME~1\ginam\LOCALS~1\APPLIC~1\Intuit\QUICKB~1\Log\DBSTAR~1.LOG -y
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

======Security center information======

AV:
AV: McAfee VirusScan
FW:
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------
pcidiot
Active Member
 
Posts: 6
Joined: November 11th, 2008, 3:44 pm

Re: Windows Media Player problem

Post by silver » November 17th, 2008, 10:01 pm

Hi pcidiot,

It appears that you have two antivirus programs running - Norton Antivirus and McAfee. Running one antivirus program is essential, but having two can cause conflicts, slow your system down and even cause stability problems without improving your security. You should use just one antivirus program and if you want a "2nd opinion", use an online scanner like Kaspersky's.

If you have two antivirus programs installed, then please remove one of them before proceeding. Please make sure you choose one currently capable of receiving updates, because an antivirus program without updates cannot protect your system effectively.

If you wish to remove Norton Antivirus, then I recommend you try using the Norton Removal Tool. To use this, please open this link:
http://service1.symantec.com/SUPPORT/ts ... 3108162039
and follow the instructions for "Download and run the Norton Removal Tool".
You will download a tool and run it from your Desktop; this will clean up the Norton installation.

If you have any problems, please stop and let me know.

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
Code:
@echo off
sc stop Netcom3 >> results.txt 2>>&1
sc delete Netcom3 >> results.txt 2>>&1
rd /q /s "C:\Program Files\MyWebSearch" >> results.txt 2>>&1
rd /q /s "C:\Program Files\Netcom3 Cleaner" >> results.txt 2>>&1
dir "C:\Program Files\MyWebSearch" /a /s >> results.txt 2>>&1
dir "C:\Program Files\Netcom3 Cleaner" /a /s >> results.txt 2>>&1
del %0

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time; this is normal.
Another text file should appear on your Desktop called results.txt. Do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Open the ESET Online Scanner in Internet Explorer
  • Tick the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start->Run, copy/paste the following command into the box and press OK:
    notepad "C:\Program Files\EsetOnlineScanner\log.txt"
  • The log file should now appear in Notepad, copy and paste the contents in your next response.

------------------------------------------------------------------------

Once complete, please post the results.txt output, the Eset scan report and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Windows Media Player problem

Post by pcidiot » November 19th, 2008, 1:22 pm

Hi,

I ran the ESET scan and it didn't find anything. I will post the other results, looks like this didn't work either?

SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


The system cannot find the file specified.
The system cannot find the file specified.
Volume in drive C has no label.
Volume Serial Number is 280E-86E9
File Not Found
Volume in drive C has no label.
Volume Serial Number is 280E-86E9
File Not Found

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:01 AM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?N=A
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -n QB_GINA-A6C6A0127C_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\DOCUME~1\ginam\LOCALS~1\APPLIC~1\Intuit\QUICKB~1\Log\DBSTAR~1.LOG -y
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 4228 bytes
pcidiot
Active Member
 
Posts: 6
Joined: November 11th, 2008, 3:44 pm

Re: Windows Media Player problem

Post by silver » November 19th, 2008, 9:53 pm

Hi pcidiot,

"I will post the other results, looks like this didn't work either?"
No problems :)

I'd like to see the Eset report anyway. You can open the report by pressing Start->Run, pasting this command into the box and pressing OK:
notepad "C:\Program Files\EsetOnlineScanner\log.txt"


Download Gmer to your Desktop from here:
http://www.gmer.net/gmer.zip
  • Unzip the program onto your Desktop (right-click, select Extract All... and follow the prompts)
  • Disconnect from the internet and close all running programs
  • Double click gmer.exe, let the gmer.sys driver load if asked
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, say OK
  • If there is no warning, then check that the Rootkit tab is selected and click the Scan button - don't change any settings before you do so
  • Please do not use your computer during the scan
  • Once the scan is complete, click the Copy button
  • Open Notepad (Click Start->Run, type notepad and Enter) and hit Ctrl+V to paste the log and then save the log to your desktop

Once complete, please post the Gmer report, the Eset scan log and a new HijackThis log.
Also, let me know how your computer is running now.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Windows Media Player problem

Post by pcidiot » November 20th, 2008, 7:21 pm

Hi, thanks for all your help : ). My computer is running better since I removed Norton, thanks for that. Here are the scans you asked for:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:52 PM, on 11/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?N=A
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -n QB_GINA-A6C6A0127C_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\DOCUME~1\ginam\LOCALS~1\APPLIC~1\Intuit\QUICKB~1\Log\DBSTAR~1.LOG -y
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 3674 bytes


GMER scan;

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-20 15:07:35
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF397E9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF397EA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF397E958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF397E96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF397EA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF397EA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF397EAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF397EAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF397E9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF397EB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF397EA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF397E930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF397E944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF397E9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF397EB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF397EAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF397EAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF397EA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF397EB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF397EB2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF397E996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF397E982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF397EA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF397EA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF397EB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF397EA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF397E9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070078
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700E4
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F41
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F26
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[684] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700B5
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060087
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00060076
.text C:\WINDOWS\system32\services.exe[684] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060065
.text C:\WINDOWS\system32\services.exe[684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00090
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00FA5
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00FB6
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00069
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00047
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F000E3
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F000D2
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F00F80
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00119
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F00F6F
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F00058
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F000AB
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F00036
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F00FDB
.text C:\WINDOWS\system32\lsass.exe[696] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F000FE
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EF0FAF
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EF0062
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00EF0051
.text C:\WINDOWS\system32\lsass.exe[696] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\lsass.exe[696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B800B7
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B800A6
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80095
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80084
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80062
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B800EF
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80FA7
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F67
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F78
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B80111
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B80073
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B80011
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B800D2
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B80051
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B80100
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B70FCA
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B70F83
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B7001B
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B70040
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B70F9E
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ D7, 88 ]
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B70FB9
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50071
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50056
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50045
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50F7C
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50F9E
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B500AE
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B5009D
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50F26
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50F4B
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B500DA
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B50F8D
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B5008C
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B50FB9
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B50FCA
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B500C9
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B40062
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B40FA5
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B40FC0
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ D4, 88 ]
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B40047
.text C:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE00B2
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE00A1
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0090
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0FC7
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE004E
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F74
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F85
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE00F9
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE00E8
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CE0114
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CE005F
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CE0FA2
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CE003D
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CE002C
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CE00D7
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CD0FC0
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CD0F79
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CD0F8A
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ ED, 88 ]
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CD0FAF
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 031C0000
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 031C007D
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 031C006C
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 031C0F9E
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 031C0051
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 031C0FC0
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 031C00C6
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 031C00B5
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 031C00EB
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 031C0F52
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 031C0F37
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 031C0FAF
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 031C0011
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 031C008E
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 031C0FDB
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 031C002C
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 031C0F63
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 031A0036
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 031A008E
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 031A0011
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 031A0FDB
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 031A007D
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 031A0000
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 031A0062
.text C:\WINDOWS\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 031A0047
.text C:\WINDOWS\System32\svchost.exe[1044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03180FEF
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 031B0000
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 031B0011
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 031B0022
.text C:\WINDOWS\System32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 031B0FDB
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B00A8
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B0097
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B007A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0069
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B0047
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B0F87
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B00C3
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B0F4A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B0F5B
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007B0F2F
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007B0058
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007B0F98
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007B0036
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007B0025
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007B0F6C
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007A0047
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007A0FA5
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007A0036
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007A001B
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007A0FB6
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007A000A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 007A0062
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007A0FDB
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC000A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0F6B
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0F90
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0FA1
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0FB2
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC0091
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC0F49
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC00BD
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0F24
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EC0EFF
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EC004A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EC0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EC00A2
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EA0011
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EA0F87
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EA0FC0
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EA004E
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00EA003D
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EA0022
.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F88
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F46
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F57
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00D8
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00B3
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B00F3
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B0FDB
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B008E
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[1396] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B0F35
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0F79
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B60F5A
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B60F75
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60F86
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60FA1
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B60FCD
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B60F3F
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B60087
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B60F13
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B600AC
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B60F02
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B60FB2
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B60014
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B6006A
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B60FDE
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B6002F
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B60F2E
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B50FC3
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B5004A
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B50014
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B50F83
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B50FA8
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ D5, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B5002F
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01980FEF
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 019800A4
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01980FA5
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0198007D
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01980FC0
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01980051
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01980F6D
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 019800B5
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01980F5C
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019800F5
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01980110
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01980062
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0198000A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01980F94
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01980036
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0198001B
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 019800DA
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01960025
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01960F9E
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01960FD4
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01960014
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01960051
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01960FEF
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01960FB9
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ B6, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01960036
.text C:\WINDOWS\system32\svchost.exe[1656] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01430FEF
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01970FE5

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat B73D0D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----

ESET log;
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3628 (20081120)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=4a5b8c4aff3bfe4e992b2609aadfd1e1
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-20 07:46:21
# local_time=2008-11-20 11:46:21 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=433907
# found=0
# scan_time=7446
pcidiot
Active Member
 
Posts: 6
Joined: November 11th, 2008, 3:44 pm

Re: Windows Media Player problem

Post by silver » November 20th, 2008, 11:07 pm

The reports look fine and I'm glad to hear things have improved, but are you still experiencing the original symptoms or have they gone away?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Windows Media Player problem

Post by silver » November 23rd, 2008, 9:39 pm

Are you still with me?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Windows Media Player problem

Post by pcidiot » November 25th, 2008, 5:05 pm

Hi,

I'm sorry, I was waiting to see a reply in my e-mail and I didn't so I checked and here you are. Yes, I am still having problems, Windows Media Player still pops up a lot and sometimes a search window and sticky keys box will also pop up. Then sometimes my computer will just log me off or shut down by itself. I am not sure what to do, have you heard of anything like this? It makes it really hard to get my work done :(.

Thanks so much!
pcidiot
Active Member
 
Posts: 6
Joined: November 11th, 2008, 3:44 pm

Re: Windows Media Player problem

Post by silver » November 25th, 2008, 8:42 pm

Hi,

I'm sorry to hear these things are still happening and they do sound very frustrating!

We have cleaned some malware from your machine and had a pretty close look so at present I think your machine is not infected. I don't actually know what could be causing the problem, but at this stage I do not suspect malware as the cause. Our expertise is in malware removal, therefore I recommend you try posting at a general troubleshooting forum like WhatTheTech or PC Pitstop. The experts at these forums specialize in this type of problem so you will be in good hands.

Some important final steps:

Please now delete rsit.exe, gmer.exe and any remaining logs from your Desktop, also delete this folder:
C:\rsit


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

Here are some tips to help you keep your computer clean:

You have a good antivirus program installed, however I recommend you install antispyware software with real-time capabilities - this means it protects you from system changes and spyware while you are working, not just removing malware after it has been installed. There are a range of paid-for and free packages available, a free one I can recommend is Windows Defender, available here:
http://www.microsoft.com/athome/securit ... fault.mspx

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Windows Media Player problem

Post by pcidiot » November 26th, 2008, 2:24 pm

Thanks very much for all of your help :). I did the clean up you suggested and will keep you posted as to how things go.

Happy Holiday!
pcidiot
Active Member
 
Posts: 6
Joined: November 11th, 2008, 3:44 pm

Re: Windows Media Player problem

Post by silver » November 26th, 2008, 9:50 pm

You're very welcome!

I'd really like to hear how things turn out but we have to close completed topics to prevent others from posting to them. If you do have time to let me know you could drop me a PM or post in the General Discussions forum. Best of luck!




This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7