Laptop has become VERY sluggish over last 2-3 months


10 replies to this topic

#1 vmobs

vmobs

  • Members
  • 9 posts

Posted 21 September 2010 - 08:59 AM

I am running Windows XP 2002 SP3 on my laptop along with McAfee Security Center which is provided by AT&T. The laptop has historically run very smoothly, but I noticed the performance starting to degrade about 2-3 months ago. It is now to the point where I am suspecting some sort of infection or malware because the performance is so bad. Sometimes, the CPU performance locks at 100% for long periods which explains the slow performance. But other times, there is no explanation ... the CPU performance appears normal (fluctuates between 0-25%) yet the laptop remains sluggish.

I have not made any system changes or recently added any new applications other than coupon printing apps that I have been told are safe.

Can you please help me determine what may be causing this problem? I'll be happy to provide any additional information or run any tests deemed necessary.

Thanks in advance for your help,
-Vanessa



#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 21 September 2010 - 05:54 PM

Welcome back to BC

Would you run a quick scan with MBAM?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Download Link 1
  • Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Chewy

No. Try not. Do... or do not. There is no try.

#3 vmobs

  • Topic Starter

Posted 21 September 2010 - 07:50 PM

Hi Chewy ... thanks in advance for helping me again!

Here's the MBAM report ... not too much but I suppose it's a start :-)
I look forward to the next step.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4667

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/21/2010 8:38:27 PM
mbam-log-2010-09-21 (20-38-27).txt

Scan type: Quick scan
Objects scanned: 149041
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 DaChew


Posted 21 September 2010 - 08:04 PM

Would you download this little program so I can have a look at your laptop?

http://redirectingat.com/?id=3687X620620&a...c346883-15.html

Save to your desktop and run it, paste the log into a reply please.
Chewy


#5 vmobs


Posted 21 September 2010 - 08:16 PM

Here ya go ...

Logfile of Aommaster's HardwareInfo v.1.0.0
###############
Computer information
###############
Manufacturer: Dell Inc.
Model: Latitude D610
Type: Portable

##############
Disk Drive information
##############
--------------
Drive \\.\PHYSICALDRIVE0
--------------
Manufacturer:(Standard disk drives)
Model:Hitachi HTS541040G9AT00
Interface Type:IDE
Media Type:Fixed hard disk media
Partitions: 1
Total Space: 37.26 GB


##############
Partition information
##############
--------------
Drive C:
--------------
Media Type: Fixed
File System: NTFS
Total Space: 37.26 GB
Free Space: 15.37 GB
Used Space: 21.88 GB

###########
OS information
###########
----------------------------
Operating System: Microsoft Windows XP Professional
----------------------------
Version: 5.1.2600
Service Pack: SP3
Total Virtual Memory: 1.99 GB
Free Virtual Memory: 1.95 GB
RAM Available to OS: 1.49 GB
Free RAM: 834.39 MB
Pagefile Initial Size: 2046 MB
Pagefile Maximum Size: 4092 MB


###########
RAM information
###########
----------------------------
Name: Physical Memory 0
----------------------------
RAM: 512 MB
Speed: 533 MHz
Type: Unknown

----------------------------
Name: Physical Memory 1
----------------------------
RAM: 1 GB
Speed: 667 MHz
Type: Unknown


###########
Motherboard information
###########
----------------------------
Name: Base Board
----------------------------
Description: Dell Inc.
Product: 0U8082


###########
BIOS information
###########
----------------------------
Name: Phoenix ROM BIOS PLUS Version 1.10 A06
----------------------------
Description: Dell Inc.
BIOS Version: A06


###########
CPU information
###########
----------------------------
Name: Intel® Pentium® M processor 1.86GHz
----------------------------
Type: 64-bit
Cores: 1
Maximum Clock Speed: 1.8 GHz
Current Clock Speed: 1.8 GHz


###########
GPU information
###########
----------------------------
Name: Mobile Intel® 915GM/GMS,910GML Express Chipset Family
----------------------------
Card Memory: 128 MB
----------------------------
Name: Mobile Intel® 915GM/GMS,910GML Express Chipset Family
----------------------------
Card Memory: 128 MB


~~~EOF~~~

#6 DaChew


Posted 21 September 2010 - 08:37 PM

Well you have plenty of free hard drive space and available ram?

Let's look deeper for infections.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
Chewy


#7 vmobs


Posted 21 September 2010 - 10:14 PM

Sorry for the delay ... gmer.log contents below. I had no problem completing the scan. However, when I tried to reconnect to the internet so I could post this log, I got the blue screen and had to reboot. Let me know if this affects the outcome or if I need to rescan.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-21 23:04:16
Windows 5.1.2600 Service Pack 3
Running: ige0dsz4.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\agpyikog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA928C78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA928C821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA928C738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA928C74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA928C835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA928C861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA928C8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA928C8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA928C7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA928C8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA928C80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA928C710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA928C724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA928C79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA928C937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA928C8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA928C88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA928C84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA928C923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA928C90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA928C776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA928C762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA928C877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA928C7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA928C8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA928C7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA928C7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP A928C7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2EE 5 Bytes JMP A928C78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP A928C7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP A928C7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA88 7 Bytes JMP A928C7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP A928C714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP A928C728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DD4 5 Bytes JMP A928C766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP A928C750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74A0 5 Bytes JMP A928C73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79AA 5 Bytes JMP A928C77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CAA 5 Bytes JMP A928C7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80618568 7 Bytes JMP A928C891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP A928C87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP A928C8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80619492 7 Bytes JMP A928C8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D66 7 Bytes JMP A928C84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A344 5 Bytes JMP A928C825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7E0 7 Bytes JMP A928C839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A9B0 7 Bytes JMP A928C865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB90 7 Bytes JMP A928C8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061ADFA 7 Bytes JMP A928C8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B722 5 Bytes JMP A928C811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8061BA64 7 Bytes JMP A928C93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BD24 5 Bytes JMP A928C913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C418 5 Bytes JMP A928C927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C532 5 Bytes JMP A928C8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0F62
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0F73
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F84
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FA1
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0FCD
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F34
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD007C
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0EFE
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0097
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD00BC
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0FBC
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0025
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F51
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0FDE
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F23
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0F8D
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0FA3
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0038
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB001D
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FBE
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FE3
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F80
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70F91
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D7005F
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D7004E
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D7003D
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D700AD
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70F65
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D700E3
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D700C8
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D700F4
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70FB6
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70011
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70090
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70FD1
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D7002C
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D70F54
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D6009B
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D60040
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D6008A
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60FDE
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D6005B
.text C:\WINDOWS\system32\services.exe[896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50FD2
.text C:\WINDOWS\system32\services.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D5005D
.text C:\WINDOWS\system32\services.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D5002E
.text C:\WINDOWS\system32\services.exe[896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\services.exe[896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50FE3
.text C:\WINDOWS\system32\services.exe[896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D5001D
.text C:\WINDOWS\system32\services.exe[896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F7C
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F97
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0FA8
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0065
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0039
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F50
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB008C
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F13
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F2E
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00D1
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB004A
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F61
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F3F
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA0054
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0F8D
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BA0FA8
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DA, 88]
.text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA002F
.text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90FAD
.text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90FC8
.text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90027
.text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90038
.text C:\WINDOWS\system32\lsass.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FE3
.text C:\WINDOWS\system32\lsass.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[3292] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E000C
.text C:\WINDOWS\system32\svchost.exe[3292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[3292] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[3292] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00E6001B
.text C:\WINDOWS\system32\svchost.exe[3292] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00E60040
.text C:\WINDOWS\system32\svchost.exe[3292] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00E60FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#8 DaChew

Posted 22 September 2010 - 04:56 AM

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
When TFC finishes, but before you OK out, note how much in Megabytes it cleans and report please.

After reboot run regular disk cleanup and then defrag please.

Did this make any difference?
Chewy

No. Try not. Do... or do not. There is no try.

#9 vmobs

Posted 22 September 2010 - 08:39 AM

TFC cleaned 1063 MB

Disk cleanup freed up 4,957,255 KB with total amount gained 72 KB

Defrag completed

Still slow ... cleaning up did not appear to make any difference.

#10 DaChew

Posted 22 September 2010 - 10:02 AM

Would you download Process Explorer?


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx


When you run it, under File and Save As, create a log and copy it into a reply.

One note: McAfee is a real resource hog. You have a lot of RAM, but laptops throttle back the CPU to save battery power, and your CPU is relatively slow by today's standards.

Also, it is not unusual for a process that loads at bootup to become corrupt or cause a conflict and cause a problem like you are experiencing.

Edited by DaChew, 22 September 2010 - 10:09 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#11 vmobs

Posted 22 September 2010 - 11:00 AM

Yes, I've heard that McAfee is a hog and I've been wondering if that is the problem. I uninstalled it from my home desktop for that reason, though the desktop is still slow. Though the desktop is old and does not have much RAM or processor speed.

In any event, the log from Process Explorer is below ... hopefully you can identify the corrupt file that is causing this mayhem!


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 84.85 0 K 28 K
Interrupts n/a 1.52 0 K 0 K Hardware Interrupts
DPCs n/a 1.52 0 K 0 K Deferred Procedure Calls
System 4 0 K 244 K
smss.exe 756 176 K 420 K Windows NT Session Manager Microsoft Corporation
csrss.exe 828 1,860 K 5,564 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 852 8,464 K 1,840 K Windows NT Logon Application Microsoft Corporation
services.exe 896 1.52 2,056 K 3,820 K Services and Controller app Microsoft Corporation
svchost.exe 1060 3,504 K 5,496 K Generic Host Process for Win32 Services Microsoft Corporation
mcagent.exe 2452 6,484 K 1,584 K McAfee Integrated Security Platform McAfee, Inc.
igfxsrvc.exe 3088 1,352 K 3,508 K igfxsrvc Module Intel Corporation
Dot1XCfg.exe 2416 9,744 K 14,680 K Intel 802.1x Server Intel Corporation
rapimgr.exe 1600 2,524 K 5,160 K ActiveSync RAPI Manager Microsoft Corporation
svchost.exe 1136 2,368 K 5,100 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1172 16,192 K 25,036 K Generic Host Process for Win32 Services Microsoft Corporation
EvtEng.exe 1212 8,756 K 12,520 K Intel® PROSet/Wireless Event Log Intel Corporation
S24EvMon.exe 1464 9,444 K 12,524 K Wireless Management Service Intel Corporation
WLKEEPER.exe 1504 8,936 K 13,228 K WLANKEEPER Intel® Corporation
svchost.exe 1572 4,448 K 6,716 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1696 1,760 K 4,120 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1928 7,992 K 12,024 K Spooler SubSystem App Microsoft Corporation
scardsvr.exe 1972 1,060 K 2,852 K Smart Card Resource Management Server Microsoft Corporation
svchost.exe 2028 1,496 K 3,996 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 188 1,984 K 2,884 K Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 200 1,364 K 3,968 K Bonjour Service Apple Inc.
svchost.exe 244 3,020 K 5,720 K Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 288 2,284 K 1,396 K Java™ Quick Starter Service Sun Microsystems, Inc.
McSACore.exe 312 8,544 K 4,580 K SiteAdvisor McAfee, Inc.
McciCMService.exe 328 2,132 K 4,188 K mcci+McciCMService Motive Communications, Inc.
mcmscsvc.exe 504 9,776 K 4,380 K McAfee Services McAfee, Inc.
McNASvc.exe 576 8,420 K 10,796 K McAfee Network Agent McAfee, Inc.
McProxy.exe 684 6,752 K 1,292 K McAfee Proxy Service Module McAfee, Inc.
Mcshield.exe 808 136,244 K 51,700 K On-Access Scanner service McAfee, Inc.
MpfSrv.exe 1088 7,288 K 5,140 K McAfee Personal Firewall Service McAfee, Inc.
svchost.exe 1672 1,240 K 3,140 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1768 1,232 K 3,120 K Generic Host Process for Win32 Services Microsoft Corporation
RegSrvc.exe 1868 1,004 K 3,244 K Intel® PROSet/Wireless Registry Service Intel Corporation
svchost.exe 2140 2,676 K 4,616 K Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 3696 1,288 K 3,756 K Application Layer Gateway Service Microsoft Corporation
mcsysmon.exe 3812 5,796 K 4,192 K McAfee SystemGuards Service McAfee, Inc.
iPodService.exe 2200 2,524 K 4,112 K iPodService Module (32-bit) Apple Inc.
svchost.exe 2868 6,056 K 7,180 K Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 908 4,104 K 2,664 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1452 24,608 K 35,852 K Windows Explorer Microsoft Corporation
hkcmd.exe 2984 792 K 2,968 K hkcmd Module Intel Corporation
igfxpers.exe 3036 824 K 3,116 K persistence Module Intel Corporation
ZCfgSvc.exe 3068 7,572 K 14,128 K ZeroCfgSvc MFC Application Intel Corporation
iFrmewrk.exe 3076 12,752 K 17,332 K Intel Framework MFC Application Intel Corporation
GrooveMonitor.exe 3116 1,784 K 5,988 K GrooveMonitor Utility Microsoft Corporation
Apoint.exe 3152 4,124 K 7,664 K Alps Pointing-device Driver Alps Electric Co., Ltd.
hpwuSchd2.exe 3692 732 K 2,432 K hpwuSchd Application Hewlett-Packard
iTunesHelper.exe 3916 8,560 K 13,392 K iTunesHelper Apple Inc.
ctfmon.exe 2116 1,084 K 4,096 K CTF Loader Microsoft Corporation
wcescomm.exe 564 1,408 K 4,860 K ActiveSync Connection Manager Microsoft Corporation
hpqtra08.exe 2192 4,836 K 10,336 K HP Digital Imaging Monitor Hewlett-Packard Co.
chrome.exe 3236 6.06 44,828 K 14,260 K Google Chrome Google Inc.
chrome.exe 876 20,448 K 28,400 K Google Chrome Google Inc.
chrome.exe 236 3.03 24,496 K 32,500 K Google Chrome Google Inc.
chrome.exe 2960 25,560 K 33,464 K Google Chrome Google Inc.
chrome.exe 2236 11,268 K 18,300 K Google Chrome Google Inc.
procexp.exe 3540 1.52 11,932 K 17,056 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ApntEx.exe 3720 560 K 2,104 K Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.



