Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Many DrWatson errors and Virtumonde

Started by Xad , Jul 10 2008 09:54 AM

  • Please log in to reply

#46
JSntgRvr
Posted 02 September 2008 - 09:21 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Strange.

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
is-BCD4F.exe

[Exclude]
Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.

  • 0

Advertisements

#47
Xad
Posted 03 September 2008 - 01:33 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 9/3/2008 3:23:58 PM for strings:
; 'is-bcd4f.exe'
; Strings excluded from search:
; 'options]'
; 'filter=kvdlui'
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
  • 0

#48
JSntgRvr
Posted 03 September 2008 - 04:21 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Wonder where that error came from


Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
  • 0

#49
Xad
Posted 04 September 2008 - 12:47 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-04 14:45:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spme.sys ZwCreateKey [0xF74DA0E0]
SSDT spme.sys ZwEnumerateKey [0xF74F7CA2]
SSDT spme.sys ZwEnumerateValueKey [0xF74F8030]
SSDT spme.sys ZwOpenKey [0xF74DA0C0]
SSDT spme.sys ZwQueryKey [0xF74F8108]
SSDT spme.sys ZwQueryValueKey [0xF74F7F88]
SSDT spme.sys ZwSetValueKey [0xF74F819A]

INT 0x62 ? 8A397BF8
INT 0x63 ? 8A226DC8
INT 0x73 ? 8A226DC8
INT 0x82 ? 8A397BF8
INT 0xA4 ? 8A226DC8
INT 0xB4 ? 8A226DC8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAED4E9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAED4E958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAED4E96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAED4EA5B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAED4EA87]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAED4E9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAED4EB21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAED4E930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAED4E944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAED4E9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAED4EAC9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAED4EA71]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAED4EB49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAED4EB35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAED4E996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAED4E982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAED4EA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAED4EB0B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAED4EA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAED4E9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP AED4E9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP AED4E9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP AED4E986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP AED4E934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP AED4E9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP AED4EA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP AED4E9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP AED4E970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822E0 5 Bytes JMP AED4EA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1BD 5 Bytes JMP AED4E948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A68D 5 Bytes JMP AED4EB25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D50 7 Bytes JMP AED4EA8B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952BE 7 Bytes JMP AED4EA5F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B135A 5 Bytes JMP AED4E95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCDF 5 Bytes JMP AED4E99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9FA 7 Bytes JMP AED4EB0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E320 7 Bytes JMP AED4EACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E79E 7 Bytes JMP AED4EA75 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC91 5 Bytes JMP AED4EB39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0FA 5 Bytes JMP AED4EB4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spme.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E188AC 5 Bytes JMP 8A2263A8

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[516] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010A0F86
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010A007B
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010A0FA1
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010A0054
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010A0043
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010A0096
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010A0F4E
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010A00D6
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010A00BB
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010A0F22
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 010A0FB2
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 010A0FDE
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010A0F75
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 010A0028
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 010A0FCD
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010A0F33
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0FC0
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0F80
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FDB
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0F91
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FF003D
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\services.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0047
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F52
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0036
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0F8D
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0084
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0073
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F06
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED009F
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00ED0EF5
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00ED0014
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00ED0FDE
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00ED0062
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00ED0FA8
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00ED0F2B
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EC0025
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EC0F8A
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EC0051
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EC0FAF
.text C:\WINDOWS\system32\lsass.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B10076
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B10F77
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B10051
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B10F94
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B10FB6
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B10F41
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B10087
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B100DA
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B100C9
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B10F26
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B10FA5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B10F66
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B10022
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B100A4
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B00FB9
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B00F72
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B00FDE
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B00FA8
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ D0, 88 ]
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B0002F
.text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0086
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F87
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0061
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0044
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0022
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00CF
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00B4
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00E0
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F47
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BB0F36
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BB0033
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BB0097
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BB0FC0
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BB0F6C
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BA0FB6
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BA0F79
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BA0FDB
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BA0F94
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DA, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A50F5E
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A50F6F
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A50047
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A5009F
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A50078
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A500D5
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A50F3C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00A50F21
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A50FCA
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00A50F4D
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00A500BA
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A40FD1
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A40FA2
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A4002C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A4001B
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A40069
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00A40058
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A4003D
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02AE0FEF
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02AE0039
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02AE0F44
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AE0F55
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02AE001E
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02AE0F8D
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02AE0071
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02AE0F29
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02AE00A7
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02AE008C
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02AE00C2
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02AE0F72
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02AE0FD4
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02AE0054
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02AE0FA8
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02AE0FB9
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02AE0F0E
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01820FB9
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01820025
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01820000
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01820FD4
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01820F72
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01820FEF
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01820F8D
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ A2, 89 ]
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01820FA8
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01800FEF
.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01830000
.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01830FE5
.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01830FD4
.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01830FB9
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780078
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0078005D
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0078004C
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780F83
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780F9E
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F5E
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007800A6
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800CB
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F3C
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00780F0D
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00780089
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00780FC0
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00780F4D
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0077002C
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00770F80
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00770F9B
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0077003D
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00770FB6
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C3004A
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C3002F
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30F61
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30F7C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C30FA8
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F04
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F1F
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30078
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C30067
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C30EC4
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C30F97
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C30F30
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C30FCA
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C30EE9
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009D0FAF
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009D004A
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009D0FDB
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009D002F
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 009D0F8D
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ BD, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009D0F9E
.text C:\WINDOWS\system32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009E0FE5
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009E0FCA
.text C:\WINDOWS\system32\svchost.exe[1468] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 009E0FAF
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0058
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F94
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00AB
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A009A
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00EB
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00DA
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00FC
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F63
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F52
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029002F
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290076
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FD4
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0029005B
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0029004A
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FC3
.text C:\WINDOWS\System32\svchost.exe[3416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0000
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0062
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F6D
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F94
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F24
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F41
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0EF8
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F09
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00AC
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0047
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!CreateFileW
  • 0

#50
JSntgRvr
Posted 04 September 2008 - 03:26 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You are experiencing these errors for a long time. Was McAfee always your Antivirus?
  • 0

#51
Xad
Posted 05 September 2008 - 07:56 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Yes, I think so.
  • 0

#52
JSntgRvr
Posted 06 September 2008 - 05:09 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
In your position I would remove McAfee and test the computer without it. It could be the source of your problems. There are many options you can use as an alternate Antivirus such as AVAST.

Keep me posted.
  • 0

#53
Xad
Posted 06 September 2008 - 11:26 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Well, I switched to avast! and it could just be a coincidence, but I haven't received a DrWatson error upon startup recently.

What has been happening recently (this happened before I switched antiviruses, too) is that soon after the computer starts up, any time a new window is opened a DrWtsn32.exe process to run in the Task Manager, which will freeze explorer.exe for a few seconds, and then it will disappear, and explorer.exe restarts. However, which programs this effects seems to be random, and after it happens once to a program, it usually doesn't happen again until rebooting. It seems that sometimes this goes "wrong" and then I receive the regular error about DrWatson.exe being unable to respond. I might be wrong, but it seems that the longer the computer is on, the less likely this is to occur.
  • 0

#54
JSntgRvr
Posted 07 September 2008 - 05:06 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Keep AVAST no matter what. It uses less resources. Run Hijackthis and save the log. Post its contents in a reply.

In occasions McAfee will fail to completely uninstall and that could give you problems.
  • 0

#55
Xad
Posted 07 September 2008 - 05:25 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:25 PM, on 9/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Avast4\aswUpdSv.exe
E:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
E:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Michael.AWESOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\explorer.exe
E:\Program Files\Avast4\ashWebSv.exe
E:\Program Files\Steam\steam.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michael.AWESOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136740164140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10171 bytes
  • 0

Advertisements

#56
JSntgRvr
Posted 07 September 2008 - 10:24 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
The log looks good and free of McAfee. Lets see if it holds.

Keep me posted
  • 0

#57
Xad
Posted 09 September 2008 - 03:27 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Well, after restarting my computer again, nothing seems to have changed. I still experience the same problems as I did in my previous post. It really seems like there's just something wrong with explorer.exe, because the errors most often pop up whenever explorer.exe has to open a new window, or update the status bar or something.
  • 0

#58
JSntgRvr
Posted 09 September 2008 - 06:46 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

I am as puzzled as you are.

Download Getservices.zip from Here and extract the zip file to your C: drive. Once it is extracted there will be a directory on your C: drive called getservice. Inside the C:\getservice directory will be a file called getservice.bat . Simply double-click on the getservice.bat file and when it is completed a notepad will open with a lot of information. Save this document to your desktop and attach it to a reply.

Download pv.zip from Here and extract the zip file to your C: drive. Once it is extracted there will be a directory on your C: drive called PV. Inside the C:\PV directory will be a file called runme.bat . Simply double-click on the runme.bat file. A dos window will open. Select option 1 for explorer dlls by typing 1 and then pressing enter. Notepad will open with a log in it. Copy,. paste or attach the log into this thread. . Please do option 2 for Internet Explorer dlls too.
  • 0

#59
Xad
Posted 09 September 2008 - 08:44 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Module information for 'explorer.exe'
MODULE BASE SIZE PATH
explorer.exe 1000000 1044480 C:\WINDOWS\explorer.exe 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 716800 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5512 (xpsp.080413-2111) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5512 (xpsp.080413-2113) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5512 (xpsp.080413-2108) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5512 (xpsp.080413-2113) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5512 (xpsp.080413-2105) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5512 (xpsp.080413-2113) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 78050000 851968 C:\WINDOWS\system32\WININET.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 78000000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16705 (vista_gdr.080618-1506) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
nview.dll 10000000 1511424 C:\WINDOWS\system32\nview.dll
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1100000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\system32\ACTXPRXY.DLL 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
events.dll 16000000 163840 E:\Program Files\Trillian\events.dll 3, 1, 10, 0 Trillian Event Control
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
MSVCR71.dll 7c340000 352256 E:\Program Files\Trillian\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
ieframe.dll 42ef0000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
urlmon.dll 78130000 1208320 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16705 (vista_gdr.080618-1506) OLE32 Extensions for Win32
ws2_32.dll 71ab0000 94208 C:\WINDOWS\system32\ws2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
ZShext.dll 2470000 143360 C:\Program Files\Common Files\Zinio\ZShext.dll 3.6.0.4772 Zinio Reader Shell Extension Module
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
webcheck.dll 42e40000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.16705 (vista_gdr.080618-1506) Web Site Monitor
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
LMIRfsClientNP.dll 2290000 81920 C:\WINDOWS\system32\LMIRfsClientNP.dll 2.1.3.0 LogMeIn Rfs Client Network Provider
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft ® C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
fxsst.dll 68df0000 577536 C:\WINDOWS\system32\fxsst.dll 5.2.2600.5512 (xpsp.080413-0852) Fax Service
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
FXSAPI.dll 5a980000 466944 C:\WINDOWS\system32\FXSAPI.dll 5.2.2600.5512 (xpsp.080413-0852) Microsoft Fax API Support DLL
rarext.dll 13d0000 188416 E:\Program Files\WinRAR\rarext.dll
mbamext.dll 1490000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 1, 0, 0 Malwarebytes' Anti-Malware
ashShell.dll 64f00000 73728 E:\Program Files\Avast4\ashShell.dll 4, 8, 1227, 0 avast! Shell Extension
SASCTXMN.DLL 1400000 61440 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL 1, 0, 0, 1004 SUPERAntiSpyware Context Menu Extension
spywareguard.dll 22200000 126976 C:\Program Files\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
MSVBVM60.DLL 73420000 1388544 C:\WINDOWS\system32\MSVBVM60.DLL 6.00.9802 Visual Basic Virtual Machine
SASSEH.DLL 1800000 81920 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL 1, 0, 0, 1012 ShellExecuteHook
LaunchPad.dll 1f30000 634880 C:\Program Files\VDMSound\LaunchPad.dll 1, 0, 1, 3 VDMSound LaunchPad Shell Extension
DSOUND.dll 73f10000 376832 C:\WINDOWS\system32\DSOUND.dll 5.3.2600.5512 (xpsp.080413-0845) DirectSound
dlprotect.dll 11000000 192512 C:\Program Files\SpywareGuard\dlprotect.dll 2.02 SpywareGuard Download Protection
MSGINA.dll 75970000 1015808 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.5512 (xpsp.080413-2113) Windows NT Logon GINA DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
odbcint.dll 26d0000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
wiashext.dll 593f0000 598016 C:\WINDOWS\system32\wiashext.dll 5.1.2600.5512 (xpsp.080413-0852) Imaging Devices Shell Folder UI
gdiplus.dll 4ec50000 1728512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 5.1.3102.5512 (xpsp.080413-2105) Microsoft GDI+
sti.dll 73ba0000 77824 C:\WINDOWS\system32\sti.dll 5.1.2600.5512 (xpsp.080413-0852) Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\system32\CFGMGR32.dll 5.1.2600.5512 (xpsp.080413-2111) Configuration Manager Forwarder DLL
PDFShell.dll 38e0000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 8.1.0.0 PDF Shell Extension
MSVCR80.dll 3940000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 8.00.50727.1433 Microsoft® C Runtime Library
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft ® Shell Extension for Windows Script Host




Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 634880 C:\Program Files\Internet Explorer\IEXPLORE.EXE 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
ntdll.dll 7c900000 716800 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5512 (xpsp.080413-2111) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5512 (xpsp.080413-2113) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5512 (xpsp.080413-2108) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5512 (xpsp.080413-2113) Security Support Provider Interface
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5512 (xpsp.080413-2105) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Shell Common Dll
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
urlmon.dll 78130000 1208320 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16705 (vista_gdr.080618-1506) OLE32 Extensions for Win32
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512
iertutil.dll 78000000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16705 (vista_gdr.080618-1506) Run time utility for Internet Explorer
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
IEFRAME.dll 42ef0000 6082560 C:\WINDOWS\system32\IEFRAME.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Explorer
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
nview.dll 10000000 1511424 C:\WINDOWS\system32\nview.dll
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
xpsp2res.dll d50000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700
IEUI.dll 5dff0000 192512 C:\WINDOWS\system32\IEUI.dll 7.00.5730.11 (winmain(wmbla).061017-1135) Internet Explorer UI Engine
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
gdiplus.dll 4ec50000 1728512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 5.1.3102.5512 (xpsp.080413-2105) Microsoft GDI+
xmllite.dll 47060000 135168 C:\WINDOWS\system32\xmllite.dll 1.00.1018.0 Microsoft XmlLite Library
msimtf.dll 746f0000 172032 C:\WINDOWS\system32\msimtf.dll 5.1.2600.5512 (xpsp.080413-2105) Active IMM Server DLL
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
WININET.dll 78050000 851968 C:\WINDOWS\system32\WININET.dll 7.00.6000.16705 (vista_gdr.080618-1506) Internet Extensions for Win32
Normaliz.dll 16b0000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
ws2_32.dll 71ab0000 94208 C:\WINDOWS\system32\ws2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
ieproxy.dll 61930000 303104 C:\Program Files\Internet Explorer\ieproxy.dll 7.00.5730.11 (winmain(wmbla).061017-1135) IE ActiveX Interface Marshaling Library
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
events.dll 16000000 163840 E:\Program Files\Trillian\events.dll 3, 1, 10, 0 Trillian Event Control
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
MSVCR71.dll 7c340000 352256 E:\Program Files\Trillian\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
googletoolbar3.dll 1ea0000 3665920 c:\program files\google\googletoolbar3.dll 4, 0, 1601, 4978 Google IE Client Toolbar
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
imagehlp.dll 76c90000 163840 C:\WINDOWS\system32\imagehlp.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
msxml3.dll 74980000 1126400 C:\WINDOWS\system32\msxml3.dll 8.90.1101.0 MSXML 3.0 SP9
DBGHELP.DLL 59a60000 659456 C:\WINDOWS\system32\DBGHELP.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Image Helper
netapi32.dll 5b860000 348160 C:\WINDOWS\system32\netapi32.dll 5.1.2600.5512 (xpsp.080413-2113) Net Win32 API DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
LMIRfsClientNP.dll 29c0000 81920 C:\WINDOWS\system32\LMIRfsClientNP.dll 2.1.3.0 LogMeIn Rfs Client Network Provider
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft® Windows™ Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
msv1_0.dll 77c70000 147456 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Authentication Package v1.0
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
shgina.dll 73d70000 77824 C:\WINDOWS\system32\shgina.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Shell User Logon
MSGINA.dll 75970000 1015808 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.5512 (xpsp.080413-2113) Windows NT Logon GINA DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
odbcint.dll 2f20000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.5512 (xpsp.080413-2108) SENS Connectivity API DLL
Audiodev.dll 92d0000 495616 C:\WINDOWS\system32\Audiodev.dll 5.2.3790.3646 built by: DNSRV(bld4act) Portable Media Devices Shell Extension
WMVCore.DLL 86c0000 2375680 C:\WINDOWS\system32\WMVCore.DLL 10.00.00.3702 built by: dnsrv(bld4act) Windows Media Playback/Authoring DLL
WMASF.DLL 70d0000 241664 C:\WINDOWS\system32\WMASF.DLL 10.00.00.4060 built by: Microsoft Windows Media ASF DLL
wiashext.dll 593f0000 598016 C:\WINDOWS\system32\wiashext.dll 5.1.2600.5512 (xpsp.080413-0852) Imaging Devices Shell Folder UI
sti.dll 73ba0000 77824 C:\WINDOWS\system32\sti.dll 5.1.2600.5512 (xpsp.080413-0852) Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\system32\CFGMGR32.dll 5.1.2600.5512 (xpsp.080413-2111) Configuration Manager Forwarder DLL
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) DNS Client API DLL
dlprotect.dll 11000000 192512 C:\Program Files\SpywareGuard\dlprotect.dll 2.02 SpywareGuard Download Protection
MSVBVM60.DLL 73420000 1388544 C:\WINDOWS\system32\MSVBVM60.DLL 6.00.9802 Visual Basic Virtual Machine
ssv.dll 6d7c0000 503808 C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 6.0.70.6 Java™ Platform SE binary
swg.dll 3610000 753664 C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll 3, 1, 807, 1746 GoogleToolbarNotifier
ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\system32\ACTXPRXY.DLL 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library

Attached Files


  • 0

#60
JSntgRvr
Posted 10 September 2008 - 08:06 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Xad, there is nothing in those logs out of the ordinary. I would suggest you open a topic in the software forum (Windows XP) and allow one of the techs take a look at your situation. Whatever is causing this issue is not showing. The XP forum is the right way to go.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP