Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


New HiJackThis Log - brastk and/or karna?


Re: New HiJackThis Log - brastk and/or karna?

Post by raktball » December 2nd, 2008, 3:56 pm

Some very odd behavior, I cannot copy any of the log.txt files to my USB drive to get them to my working PC in order to post them here. Copying the info.txt files causes no problems. To get around this I'm temporarily connecting to the network and emailing the files to my working PC.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tony at 2008-12-02 11:47:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (14%) free of 114 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:47 AM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Music Now\MusicNow.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Tony\Desktop\RSIT.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\Temporary Directory 3 for HiJackThis.zip\Tony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Music Now] C:\Program Files\Music Now\MusicNow.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://support.dell.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00003/chm.chm::/files/initial.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/pdpp ... 3v0p10.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 10735 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (D1PR0F21-Tony).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2FACE13A-C328-4F57-9E48-58DDA4EF5DAF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2004-03-25 684032]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [2000-06-07 36864]
"LXSUPMON"=C:\WINDOWS\System32\LXSUPMON.EXE [2002-03-29 794112]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2003-06-22 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"Music Now"=C:\Program Files\Music Now\MusicNow.exe [2006-08-23 913016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"nwiz"=nwiz.exe /install []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-03-20 442499]
"MaxtorOneTouch"=C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2004-12-22 823296]
"MXOBG"=C:\WINDOWS\MXOALDR.EXE [2008-09-09 94208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2005-09-07 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe

C:\Documents and Settings\Tony\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoBandCustomize"=0
"NoToolbarCustomize"=0
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Support.com\bin\tgcmd.exe"="C:\Program Files\Support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-02 10:35:44 ----D---- C:\rsit
2008-12-01 10:51:10 ----D---- C:\Program Files\Trend Micro
2008-11-26 12:39:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-26 12:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 15:45:20 ----D---- C:\Documents and Settings\Tony\Application Data\MalwareRemovalBot
2008-11-21 15:45:12 ----D---- C:\Program Files\MalwareRemovalBot
2008-11-21 14:48:34 ----D---- C:\Binaries
2008-11-21 14:42:58 ----D---- C:\Program Files\Webroot
2008-11-21 14:42:58 ----D---- C:\Documents and Settings\Tony\Application Data\Webroot
2008-11-21 14:42:58 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-11-21 14:42:58 ----A---- C:\WINDOWS\WRSetup.dll
2008-11-21 11:34:26 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-12 16:02:20 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-11-12 16:02:12 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-11-12 15:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 15:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 15:40:29 ----D---- C:\Program Files\MSXML 4.0
2008-11-09 19:09:18 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-04 09:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 09:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 09:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 09:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 09:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 09:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-12-02 11:22:15 ----D---- C:\WINDOWS\Temp
2008-12-02 11:19:20 ----D---- C:\WINDOWS
2008-12-01 23:37:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-01 16:47:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 10:51:17 ----D---- C:\Program Files
2008-12-01 10:34:52 ----D---- C:\WINDOWS\Minidump
2008-11-26 14:09:41 ----D---- C:\WINDOWS\Prefetch
2008-11-25 11:27:05 ----D---- C:\WINDOWS\Debug
2008-11-25 11:24:06 ----D---- C:\WINDOWS\pss
2008-11-24 10:39:10 ----SHD---- C:\System Volume Information
2008-11-24 10:39:10 ----D---- C:\WINDOWS\system32\Restore
2008-11-24 10:30:48 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-24 10:26:41 ----D---- C:\Documents and Settings
2008-11-24 10:16:41 ----D---- C:\WINDOWS\SYSTEM32
2008-11-22 10:33:16 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-21 16:19:14 ----D---- C:\WINDOWS\Help
2008-11-21 15:46:41 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-21 15:45:20 ----SD---- C:\WINDOWS\Tasks
2008-11-21 15:45:15 ----SHD---- C:\WINDOWS\Installer
2008-11-21 15:45:15 ----HD---- C:\Config.Msi
2008-11-21 15:37:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-21 15:36:45 ----HD---- C:\WINDOWS\INF
2008-11-21 15:30:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-21 14:36:19 ----D---- C:\WINDOWS\network diagnostic
2008-11-21 13:16:08 ----D---- C:\My Games
2008-11-14 08:50:02 ----D---- C:\Program Files\McAfee
2008-11-12 15:43:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 15:40:39 ----D---- C:\WINDOWS\WinSxS
2008-11-05 09:57:36 ----D---- C:\Documents and Settings\Tony\Application Data\AdobeUM
2008-11-04 14:25:40 ----D---- C:\Program Files\Internet Explorer
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-03-25 62288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-03-25 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-03-25 241280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-03-25 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-03-25 206464]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-02-15 8413]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-03-25 25930]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-09-06 28276]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.; \??\C:\WINDOWS\system32\Drivers\OA002Afx.sys []
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\OA002Ufd.sys [2008-03-24 142432]
R3 OA002Vid;Creative Camera OA002 Function Driver; C:\WINDOWS\system32\DRIVERS\OA002Vid.sys [2008-03-24 265568]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual; C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-11-03 226816]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-03-25 30662]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\system32\DRIVERS\MXOFX.SYS [2003-10-10 32640]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2004-10-07 15360]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 pnicml;pnicml; \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\pnicml.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-03 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-29 287744]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-29 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm

Re: New HiJackThis Log - brastk and/or karna?

Unread postby Shaba » December 2nd, 2008, 4:14 pm

* Download GMER from here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Unread postby raktball » December 2nd, 2008, 4:20 pm

Although I am a local admin and signed on as administrator, gmer.exe will not run. I see it in the task manager but with no CPU and nothing actually starts up (I assume there should be some user interface with the rootkit tab?)
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm

Re: New HiJackThis Log - brastk and/or karna?

Unread postby Shaba » December 3rd, 2008, 5:38 am

Please rename it and tell me if it now runs.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Unread postby raktball » December 3rd, 2008, 12:50 pm

You guys are good! Renamed gmer.exe and it started. Prior to being able to choose the rootkit tab it came back with the message:
Warning! GMER has found system modification which may have been caused by rootkit activity. Do you want to fully scan your system?
I assume yes but will await your response prior to running.
Thanks.
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm

Re: New HiJackThis Log - brastk and/or karna?

Unread postby Shaba » December 3rd, 2008, 12:59 pm

Yes, a full scan is needed, so choose yes :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Unread postby raktball » December 3rd, 2008, 1:20 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-03 09:13:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 86FE34B0 ZwAllocateVirtualMemory
SSDT 86FAB180 ZwCreateKey
SSDT 86FA8E70 ZwCreateProcess
SSDT 86FA8DF8 ZwCreateProcessEx
SSDT 86FE01D0 ZwCreateThread
SSDT 86F6BE18 ZwDeleteKey
SSDT 86FCEAD0 ZwDeleteValueKey
SSDT 86FA9B30 ZwQueueApcThread
SSDT 86FE33C0 ZwReadVirtualMemory
SSDT 86FA21F0 ZwRenameKey
SSDT 86FA9C20 ZwSetContextThread
SSDT 86FE9C30 ZwSetInformationKey
SSDT 86FAA588 ZwSetInformationProcess
SSDT 86FA9C98 ZwSetInformationThread
SSDT 86FE1020 ZwSetValueKey
SSDT 86FE0248 ZwSuspendProcess
SSDT 86FA9BA8 ZwSuspendThread
SSDT 86FAA600 ZwTerminateProcess
SSDT 86FE0158 ZwTerminateThread
SSDT 86FE3438 ZwWriteVirtualMemory

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF52559C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF5255B0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF5255AEF]
Code E192E210 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF5255A08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF5255B34]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF5255A4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5255950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5255964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF52559DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5255B70]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF5255AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF5255AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5255B5C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF5255B48]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF5255B1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF5255A1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF52559F2]
Code F5514EAB pIofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 445 804E2AA1 3 Bytes [ 9B, FA, 86 ]
.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F52559F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80567D7B 5 Bytes JMP F5255A4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056B183 4 Bytes JMP F5255AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey + 5 8056B188 2 Bytes [ 90, 90 ]
PAGE ntoskrnl.exe!ZwQueryKey 8056EC39 7 Bytes JMP F5255B74 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP F5255B0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F52559CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F5255A22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F5255A0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F5255954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F52559E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP E192E214
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FC04 7 Bytes JMP F5255AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F5255968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590EA2 5 Bytes JMP F5255B38 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064C0D2 5 Bytes JMP F5255B4C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064C3A7 7 Bytes JMP F5255B22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CC74 7 Bytes JMP F5255ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064D5AE 5 Bytes JMP F5255B60 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006D007F
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006D006E
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006D0F94
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006D0051
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006D0036
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006D00A1
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006D0090
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006D00BC
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006D0F19
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006D0EFE
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006D0FAF
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006D0F65
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006D0FCA
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006D001B
.text C:\WINDOWS\System32\svchost.exe[460] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006D0F34
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006C003D
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006C0084
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006C002C
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006C0011
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006C0FC7
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006C0069
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006C0000
.text C:\WINDOWS\System32\svchost.exe[460] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006C004E
.text C:\WINDOWS\System32\svchost.exe[460] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006A000A
.text C:\WINDOWS\System32\svchost.exe[460] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006D0076
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006D005B
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006D0F8D
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006D0FA8
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006D002F
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006D0F52
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006D0098
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006D0F30
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006D0F41
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006D00DA
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006D004A
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006D0FDE
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006D0087
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006D001E
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006D0FC3
.text C:\WINDOWS\System32\svchost.exe[588] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006D00B5
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006C0025
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006C006C
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006C0FD4
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006C0FB9
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006C005B
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[588] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006C0040
.text C:\WINDOWS\System32\svchost.exe[588] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\System32\svchost.exe[588] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 006A0000
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D60FE5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D60F77
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D6006C
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D60F94
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D60FA5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D6002C
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D600B5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D600A4
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D600EB
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D600DA
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D60106
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D6003D
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D60000
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D60087
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D60FB6
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D60011
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D60F52
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D40FB9
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D4005B
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D40FCA
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D40040
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D40025
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\System32\svchost.exe[708] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\System32\svchost.exe[708] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D5000A
.text C:\WINDOWS\System32\svchost.exe[708] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D50025
.text C:\WINDOWS\System32\svchost.exe[708] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D50FCA
.text C:\WINDOWS\System32\svchost.exe[708] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D20000
.text C:\WINDOWS\System32\svchost.exe[708] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00D2001B
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FE00A7
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FE0082
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FE0FA8
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FE0054
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FE0F70
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FE0F97
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FE00EE
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FE0F5F
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FE0F3A
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FE0065
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FE0014
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FE00B8
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FE0039
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FE00D3
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BB0FC7
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BB0084
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BB0069
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BB0058
.text C:\WINDOWS\system32\services.exe[788] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\system32\services.exe[788] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001C0073
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001C0F7E
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001C0058
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001C0F9B
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001C0FC0
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001C0F63
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001C009F
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001C0F3E
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001C00D7
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001C0F23
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001C003D
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001C0084
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001C0FDB
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001C002C
.text C:\WINDOWS\system32\wuauclt.exe[792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001C00C6
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002B0FA8
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002B0014
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002B0F72
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002B0F8D
.text C:\WINDOWS\system32\wuauclt.exe[792] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\wuauclt.exe[792] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\wuauclt.exe[792] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\wuauclt.exe[792] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00A6001B
.text C:\WINDOWS\system32\wuauclt.exe[792] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\wuauclt.exe[792] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F10087
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F10076
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F10065
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F10FA8
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F10025
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F100BA
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F100A9
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F100DF
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F10F46
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F10F2B
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F1004A
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F10FDB
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F10098
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F10FB9
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F10FCA
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F10F57
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F00FCA
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F00F8A
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F00014
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F00F9B
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F00047
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F00036
.text C:\WINDOWS\system32\lsass.exe[800] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00EE000A
.text C:\WINDOWS\system32\lsass.exe[800] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00EE0025
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30051
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E3002F
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E30014
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E30F8D
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E30F26
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E3006E
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E30093
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E30F04
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E300AE
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E30F7C
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E30F37
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E30FA8
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E30FCD
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E30F15
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00E10FDE
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00E10054
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00E1002F
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00E10FA1
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00E10FB2
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00E10FCD
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E20011
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E2002C
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00E20047
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0124000A
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01240076
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01240065
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01240F8B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01240FB2
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01240040
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 012400B8
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0124009D
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012400E4
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 012400D3
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01240F30
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01240FC3
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0124001B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01240F66
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01240FD4
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01240FE5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01240F55
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0122003D
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01220084
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0122002C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01220011
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01220069
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01220FD1
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01220000
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0122004E
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01230FEF
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01230FD4
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01230000
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 0123001B
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01200FEF
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 01200000
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A40F88
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A4007D
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A40F99
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A40058
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A400B3
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A40F6B
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A40F21
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A40F46
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A400D5
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A40047
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A40098
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A400C4
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A3006C
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A30FDB
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A30051
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00A10FD4
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01EC0FEF
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01EC0F68
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01EC0F83
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01EC005B
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01EC004A
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01EC0FB2
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01EC0089
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01EC0F41
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01EC00BF
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01EC0F26
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01EC0F0B
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01EC0039
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01EC000A
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01EC0078
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01EC0FCD
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01EC0FDE
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01EC00A4
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01EA0036
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01EA0098
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01EA001B
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01EA0000
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01EA0073
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01EA0062
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01EA0FE5
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01EA0047
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01EB0FEF
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01EB000A
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01EB0025
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01EB0FCA
.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01E00FE5
.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 01E00000
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00790FEF
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00790F77
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00790F92
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00790FB9
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00790FD4
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0079005B
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00790F50
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00790098
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00790F35
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007900CE
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007900DF
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0079006C
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00790087
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00790040
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0079001B
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007900B3
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0078002F
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00780091
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00780014
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00780FDE
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00780080
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00780065
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00780FEF
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00780054
.text C:\WINDOWS\System32\svchost.exe[1216] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00760FEF
.text C:\WINDOWS\System32\svchost.exe[1216] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00760FD4
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D20000
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D20F9E
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D20FB9
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D20087
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D20047
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D20F68
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D20F83
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D200DC
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D20F43
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D20F28
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D20062
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D200AE
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D2002C
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D2001B
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D200CB
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D00F83
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D0000A
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D00040
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D00025
.text C:\WINDOWS\System32\svchost.exe[1308] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\System32\svchost.exe[1308] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00CE0000
.text C:\WINDOWS\System32\svchost.exe[1308] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\System32\svchost.exe[1308] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D1000A
.text C:\WINDOWS\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D1001B
.text C:\WINDOWS\System32\svchost.exe[1308] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D10FC0
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C10076
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C10F81
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C10F92
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C10051
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C10F4B
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C10F5C
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C10F1F
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C10F30
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C10F04
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C10087
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C100A4
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BF0022
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BF0098
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BF007D
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BF003D
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00BD001B
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00ED0F79
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00ED0078
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00ED0FAF
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00ED0047
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00ED0F30
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00ED0F57
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00ED00AE
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00ED0F1F
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00ED00C9
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00ED0FC0
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00ED0000
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00ED0F68
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00ED002C
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00ED001B
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00ED0093
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00EB0FCA
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00EB0F79
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00EB001B
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00EB000A
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00EB0F94
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00EB0036
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00EB0FB9
.text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00EC0000
.text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EC001B
.text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00EC0FCA
.text C:\WINDOWS\System32\svchost.exe[1804] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[1804] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00930014
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1988] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[2376] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[2376] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[2376] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BF000A

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE3250
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE3250
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE3250
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 86FE3250
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE3250
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE3250
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 86FE3348
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE3250

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip 86C4EE48

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 86C4EE48

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp 86C4EE48

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 86C4EE48

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 86C4EE48

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSmqlt.sys (*** hidden *** ) F5513000-F5525000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:388 F5515D66

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSrtqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrsr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSrtqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 93
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v3av
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.14 ----
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm

Re: New HiJackThis Log - brastk and/or karna?

Post by Shaba » December 3rd, 2008, 1:30 pm

I will post you the next instructions in PM shortly.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Post by raktball » December 3rd, 2008, 3:55 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-03 11:51:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 86FAB1E8 ZwAllocateVirtualMemory
SSDT 86FAB440 ZwCreateKey
SSDT 86FAB9D8 ZwCreateProcess
SSDT 86FBF6F0 ZwCreateProcessEx
SSDT 86FAA458 ZwCreateThread
SSDT 86F73BD8 ZwDeleteKey
SSDT 86FCE878 ZwDeleteValueKey
SSDT 86FAB260 ZwQueueApcThread
SSDT 86FE1280 ZwReadVirtualMemory
SSDT 86FA5080 ZwRenameKey
SSDT 86FAB350 ZwSetContextThread
SSDT 86FE38C8 ZwSetInformationKey
SSDT 86FE18B0 ZwSetInformationProcess
SSDT 86FAB3C8 ZwSetInformationThread
SSDT 86F8A130 ZwSetValueKey
SSDT 86FE1838 ZwSuspendProcess
SSDT 86FAB2D8 ZwSuspendThread
SSDT 86FBF678 ZwTerminateProcess
SSDT 86FAA3E0 ZwTerminateThread
SSDT 86FE1020 ZwWriteVirtualMemory

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF501F9C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF501FB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF501FAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF501FA08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF501FB31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF501FA4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF501F950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF501F964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF501F9DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF501FB6D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF501FAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF501FAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF501FB59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF501FB45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF501FB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF501FA1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF501F9F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F501F9F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80567D7B 5 Bytes JMP F501FA4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056B183 4 Bytes JMP F501FAC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey + 5 8056B188 2 Bytes [ 90, 90 ]
PAGE ntoskrnl.exe!ZwQueryKey 8056EC39 7 Bytes JMP F501FB71 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 7 Bytes JMP F501FB09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F501F9CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F501FA22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F501FA0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F501F954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F501F9E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FC04 7 Bytes JMP F501FAF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F501F968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590EA2 5 Bytes JMP F501FB35 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064C0D2 5 Bytes JMP F501FB49 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064C3A7 7 Bytes JMP F501FB1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CC74 7 Bytes JMP F501FADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064D5AE 5 Bytes JMP F501FB5D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006B0000
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006B0F9E
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006B0FAF
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006B0089
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006B0062
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006B0FC0
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006B0F4D
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006B0F68
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006B0F0D
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006B00B0
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006B00C1
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006B0051
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006B001B
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006B0F79
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006B0036
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\System32\svchost.exe[244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006B0F3C
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006A0FB9
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006A005B
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006A0FD4
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006A000A
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006A0040
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006A0F9E
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\System32\svchost.exe[244] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006A002F
.text C:\WINDOWS\System32\svchost.exe[244] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00680FE5
.text C:\WINDOWS\System32\svchost.exe[244] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00680FCA
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006B0000
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006B008E
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006B007D
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006B0F99
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006B0062
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006B0036
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006B00C6
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006B00AB
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006B010D
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006B00FC
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006B0F4F
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006B0047
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006B0F74
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006B0025
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006B0FCA
.text C:\WINDOWS\System32\svchost.exe[448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006B00E1
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006A0025
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006A0FA5
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006A0FD4
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006A000A
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006A0062
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006A0047
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006A0036
.text C:\WINDOWS\System32\svchost.exe[448] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00680000
.text C:\WINDOWS\System32\svchost.exe[448] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00680FE5
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20000
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A20FA8
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20093
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A2006C
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A20047
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A200E9
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A20F97
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20F61
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A200FA
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A20F50
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A20011
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A200C2
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A20036
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A20F7C
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A10039
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A10FA8
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A10FDE
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A10065
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10FCD
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A1000A
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10054
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70FA3
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F70FBE
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70098
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F70087
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F7005B
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F700E9
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F700CE
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F7011C
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F7010B
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F70F68
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F7006C
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F70025
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F700BD
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F70036
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F700FA
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F60FC3
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F60F83
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F60040
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F60025
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F60FA8
.text C:\WINDOWS\system32\svchost.exe[660] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[660] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0007007A
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070069
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0007004E
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0007003D
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700C3
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 000700B2
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700EF
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F56
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070F45
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070095
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 000700D4
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060F83
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[776] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[776] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB000A
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EB0F6D
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EB0062
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EB0047
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EB0F94
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EB0FAF
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EB0098
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EB007D
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EB0F24
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EB0F35
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00EB00D8
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00EB0F52
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00EB0FCA
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00EB00A9
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00EA0011
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00EA007D
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00EA0FC0
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00EA0FDB
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00EA0058
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00EA0047
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00EA002C
.text C:\WINDOWS\system32\lsass.exe[788] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\lsass.exe[788] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00B9001B
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B10F79
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B1006E
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B10F8A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B10F9B
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B10036
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B10F5C
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B100A4
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B100D3
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B10F3A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B100E4
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B10047
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B10093
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B10FCA
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B10FDB
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B10F4B
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B00FA8
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B00F68
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B00FC3
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B00F83
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B00014
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00AE001B
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009E007D
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009E0F88
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009E0FA5
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009E0FB6
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009E0047
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009E0F4B
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009E0F5C
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009E0F18
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009E0F29
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009E0EFD
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 009E0058
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009E0F6D
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 009E002C
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 009E0FE5
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009E0F3A
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009D001E
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009D0F61
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009D0FC3
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009D0F86
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009D0FA1
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009D0FB2
.text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02600FEF
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0260008E
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02600FA3
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0260007D
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0260006C
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0260004A
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 026000BA
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0260009F
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 026000DC
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 026000CB
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 026000ED
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0260005B
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02600FD4
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02600F74
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02600025
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0260000A
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02600F4D
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 025E0FEF
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 025E0FA8
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 025E0036
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 025E0025
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 025E0065
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 025E0FC3
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 025E0000
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 025E0FDE
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 025C0FEF
.text C:\WINDOWS\System32\svchost.exe[1052] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 025C000A
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 025F0FE5
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 025F0000
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 025F0025
.text C:\WINDOWS\System32\svchost.exe[1052] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 025F0FD4
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00770FEF
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00770F29
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00770F44
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00770F5F
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00770F7C
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00770FBC
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00770F07
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0077004F
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00770EC0
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00770ED1
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00770074
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00770F97
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00770F18
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00770FCD
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00770FDE
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00770EEC
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00760022
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00760F91
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00760FDB
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00760011
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00760FA2
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0076004E
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00760033
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00740000
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00740FE5
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D0000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D00084
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D00F8F
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D00073
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D00FB6
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D00051
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D000AB
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D00F63
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D00F2D
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D00F3E
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D000EB
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D00062
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D0001B
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D00F74
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D00FDB
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D0002C
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D000BC
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CE0036
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CE0FC3
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CE0025
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CE0014
.text C:\WINDOWS\System32\svchost.exe[1192] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CC0000
.text C:\WINDOWS\System32\svchost.exe[1192] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00CF000A
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00CF0025
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00CF0036
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00860F7E
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0086007D
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0086006C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00860051
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00860FC0
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00860F59
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008600AB
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00860F3E
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008600D7
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00860F23
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00860FAF
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0086008E
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0086002C
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0086001B
.text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008600BC
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0085004A
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00850FC3
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00850FD4
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00850F97
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00850FA8
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00850FE5
.text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0085002F
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C5006C
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C50F77
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C50F94
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C50051
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C50FA5
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C50F5C
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C50098
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C500D0
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C500BF
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C500E1
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C5002C
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C50000
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C50087
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C50011
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C50FC0
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C50F37
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C40011
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C40F80
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C40FC0
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C40000
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C4003D
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C4002C
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C40FA5
.text C:\WINDOWS\System32\svchost.exe[1712] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C20000
.text C:\WINDOWS\System32\svchost.exe[1712] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00C2001B
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1868] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1868] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B009F
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0084
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0073
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FB6
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FD1
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F7E
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F4B
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00DA
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B0F3A
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0058
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B0F8F
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[3428] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B0F5C
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002A0025
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002A0F8D
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002A0014
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002A0040
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3428] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3428] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003B0000
.text C:\WINDOWS\system32\wuauclt.exe[3428] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 003B0011
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B004A
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F4B
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F5C
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F79
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0F94
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0087
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0076
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00B6
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F1D
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B00D1
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B0065
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\system32\wuauclt.exe[4076] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B0F2E
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002A0040
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002A0091
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002A0076
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002A000A
.text C:\WINDOWS\system32\wuauclt.exe[4076] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002A0051

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE1110
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE1110
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE1110
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 86FE1110
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE1110
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE1110
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 86FE1208
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 86FE1110

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip 866AE700
Device \Driver\Tcpip \Device\Ip 86C090B0
Device \Driver\Tcpip \Device\Ip 86E96570
Device \Driver\Tcpip \Device\Ip 86BE9810

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 866AE700
Device \Driver\Tcpip \Device\Tcp 86C090B0
Device \Driver\Tcpip \Device\Tcp 86E96570
Device \Driver\Tcpip \Device\Tcp 86BE9810

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp 866AE700
Device \Driver\Tcpip \Device\Udp 86C090B0
Device \Driver\Tcpip \Device\Udp 86E96570
Device \Driver\Tcpip \Device\Udp 86BE9810

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 866AE700
Device \Driver\Tcpip \Device\RawIp 86C090B0
Device \Driver\Tcpip \Device\RawIp 86E96570
Device \Driver\Tcpip \Device\RawIp 86BE9810

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 866AE700
Device \Driver\Tcpip \Device\IPMULTICAST 86C090B0
Device \Driver\Tcpip \Device\IPMULTICAST 86E96570
Device \Driver\Tcpip \Device\IPMULTICAST 86BE9810
Device \FileSystem\Fastfat \Fat B47FAC8A
Device \FileSystem\Fastfat \Fat B4801821

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.14 ----

Service system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSrtqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrsr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSrtqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.14 ----
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm

Re: New HiJackThis Log - brastk and/or karna?

Unread postby Shaba » December 3rd, 2008, 4:04 pm

Let's do this next:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Link 1
Link 2
Link 3

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Unread postby raktball » December 3rd, 2008, 5:07 pm

Missed the naming instruction, renamed it gameboy.exe


ComboFix 08-12-02.02 - Tony 2008-12-03 12:35:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.623 [GMT -8:00]
Running from: c:\documents and settings\Tony\Desktop\Gameboy.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\system32\av.dat
c:\windows\system32\DelSelf.bat
c:\windows\system32\QTWMCI32.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 10:19 . 2008-12-03 10:33 <DIR> d-------- C:\!KillBox
2008-12-02 10:35 . 2008-12-03 11:51 <DIR> d-------- C:\rsit
2008-12-01 10:51 . 2008-12-01 10:51 <DIR> d-------- c:\program files\Trend Micro
2008-11-26 13:48 . 2008-11-26 13:49 <DIR> d-------- c:\documents and settings\Sue\Application Data\MalwareRemovalBot
2008-11-26 12:39 . 2008-11-26 12:39 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 12:39 . 2008-11-26 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-24 13:23 . 2008-11-24 13:23 <DIR> d-------- c:\documents and settings\Administrator.D1PR0F21\Application Data\Share-to-Web Upload Folder
2008-11-24 10:26 . 2003-02-12 12:04 <DIR> d-------- c:\documents and settings\Administrator.D1PR0F21\Application Data\Roxio
2008-11-24 10:26 . 2008-11-24 10:26 <DIR> d-------- c:\documents and settings\Administrator.D1PR0F21
2008-11-21 15:45 . 2008-11-21 15:45 <DIR> d-------- c:\program files\MalwareRemovalBot
2008-11-21 15:45 . 2008-12-02 18:47 <DIR> d-------- c:\documents and settings\Tony\Application Data\MalwareRemovalBot
2008-11-21 14:48 . 2008-11-21 14:48 <DIR> d-------- C:\Binaries
2008-11-21 14:42 . 2008-11-21 14:42 <DIR> d-------- c:\program files\Webroot
2008-11-21 14:42 . 2008-11-21 14:42 <DIR> d-------- c:\documents and settings\Tony\Application Data\Webroot
2008-11-21 14:42 . 2008-11-25 11:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-11-21 14:42 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-11-12 16:02 . 2008-11-12 16:02 170,608 --a------ c:\windows\SYSTEM32\DRIVERS\ssidrv.sys
2008-11-12 16:02 . 2008-11-12 16:02 29,808 --a------ c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys
2008-11-12 16:02 . 2008-11-12 16:02 23,152 --a------ c:\windows\SYSTEM32\DRIVERS\sshrmd.sys
2008-11-12 15:40 . 2008-11-12 15:40 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-09 19:09 . 2008-11-09 19:09 <DIR> d-------- c:\windows\.jagex_cache_32
2008-11-09 19:09 . 2008-11-13 20:09 30 --a------ c:\documents and settings\Tony\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 16:50 --------- d-----w c:\program files\McAfee
2008-11-05 17:57 --------- d-----w c:\documents and settings\Tony\Application Data\AdobeUM
2008-11-01 17:55 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-27 04:44 --------- d-----w c:\documents and settings\Tony\Application Data\Image Zone Express
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:19 --------- d-----w c:\documents and settings\Tony\Application Data\Move Networks
2008-10-16 17:30 --------- d-----w c:\program files\iTunes
2008-10-16 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 17:29 --------- d-----w c:\program files\iPod
2008-10-13 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-09-18 05:04 2,256 ----a-w c:\windows\current_settings.bin
2008-09-16 22:31 97,632 ----a-w c:\documents and settings\Tony\Application Data\GDIPFONTCACHEV1.DAT
2008-09-10 05:20 94,208 ----a-w c:\windows\MXOALDR.EXE
2008-08-27 03:24 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-08-02 18:52 87,832 ----a-w c:\documents and settings\Sue\Application Data\GDIPFONTCACHEV1.DAT
2008-04-02 15:25 319 ---ha-w c:\documents and settings\Sue\hpothb07.dat
2007-08-16 23:37 96,184 -c--a-w c:\documents and settings\Andie\Application Data\GDIPFONTCACHEV1.DAT
2006-11-13 17:04 0 ----a-w c:\documents and settings\Christina\DesktopDoctor1.5.1.exe
2006-09-25 02:59 0 ----a-w c:\documents and settings\Sue\DesktopDoctor1.5.1.exe
2005-11-25 20:42 0 ----a-w c:\documents and settings\Andie\DesktopDoctor1.0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-03-25 684032]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"LXSUPMON"="c:\windows\System32\LXSUPMON.EXE" [2002-03-29 794112]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-06-22 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Music Now"="c:\program files\Music Now\MusicNow.exe" [2006-08-23 913016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-03-20 442499]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"MXOBG"="c:\windows\MXOALDR.EXE" [2008-09-09 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\SYSTEM32\nwiz.exe]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-05-27 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-02-12 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-11-21 1086840]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\c:\windows\system32\Drivers\OA002Afx.sys [2008-07-31 148056]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-07-31 142432]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-07-31 265568]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2008-07-31 31616]
S3 pnicml;pnicml;\??\c:\docume~1\Tony\LOCALS~1\Temp\pnicml.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-02 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe [2008-11-19 10:11]

2008-12-02 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2008-11-21 15:45]

2008-11-09 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (1) (D1PR0F21-Tony).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

2006-08-01 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-03 23:56]

2006-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-12-03 c:\windows\Tasks\User_Feed_Synchronization-{2FACE13A-C328-4F57-9E48-58DDA4EF5DAF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\5al16tks.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.comcast.net/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 12:49:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-12-03 12:58:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 20:57:47

Pre-Run: 15,397,203,968 bytes free
Post-Run: 17,669,099,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

214 --- E O F --- 2008-11-21 23:18:24


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:29 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Music Now] C:\Program Files\Music Now\MusicNow.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://support.dell.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 10346 bytes
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm
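
A small triage script for the ComboFix output above and the GMER output raktball posts next, added here as an example; it is not part of the original post and not code from ComboFix, GMER or HijackThis. It runs over constructed sample lines shaped like the ones in the logs (the Security Center DisableNotify values, the EnableFirewall=0 policy, the S3 pnicml driver registered out of a Temp folder with an empty [] stamp, and GMER user-mode JMP hooks with no module name after the target) and returns the entries a helper would read first. The tag names and the heuristics are this example's own assumptions: an unattributed hook or a suppressed notification is a lead to check, not a verdict, since the McAfee and Webroot components in the same logs hook the system legitimately.

```python
"""Triage helper for ComboFix and GMER style log lines.

Added example for this thread; not part of the original post and not code
from the ComboFix or GMER tools. The sample lines are constructed to mirror
the shapes seen in the thread. The heuristics (Security Center notification
suppression, firewall policy off, drivers loading from a Temp folder or with
no file stamp, user-mode JMP hooks with no attributed module) are this
script's own assumptions about what a helper looks at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample shaped like ComboFix's "Reg Loading Points" section.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-11-21 1086840]
S3 pnicml;pnicml;\??\c:\docume~1\Tony\LOCALS~1\Temp\pnicml.sys []
"""

# Constructed sample shaped like GMER's "User code sections".
SAMPLE_GMER = r"""
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006B00D3
.text C:\WINDOWS\System32\svchost.exe[668] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B50000
"""

# "<X>DisableNotify"=dword:1 under the Security Center key hides the
# "no antivirus / no updates" balloon from the user.
_NOTIFY = re.compile(r'^"(\w+DisableNotify)"=dword:([0-9A-Fa-f]{1,8})$')
# ComboFix prints the firewall policy as "EnableFirewall"= 0 (0x0).
_FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# <start type> <name>;<display name>;<image path> [<date size>]
_SERVICE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
# .text <process>[pid] <dll>!<api> <addr> N Bytes JMP <target> [<module> (<vendor>)]
_HOOK = re.compile(
    r'^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\S+)\s+[0-9A-F]+\s+'
    r'(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)(?:\s+(?P<module>.+))?$'
)


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag chosen for this example
    detail: str  # the evidence, taken from the log line


def _clean_path(raw: str) -> str:
    # ComboFix prints NT-style paths as \??\C:\... and quotes paths with spaces.
    return raw.strip().strip('"').replace('\\??\\', '')


def triage_combofix(text: str) -> list[Finding]:
    """Flag Security Center tampering, firewall-off policy and odd drivers."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _NOTIFY.match(line)) and int(m.group(2), 16) == 1:
            findings.append(Finding("notify-suppressed", m.group(1)))
        elif (m := _FIREWALL.match(line)) and int(m.group(1)) == 0:
            findings.append(Finding("firewall-off", line))
        elif m := _SERVICE.match(line):
            start, name, _display, path, stamp = m.groups()
            where = f"{start} {name} -> {_clean_path(path)}"
            # A kernel driver registered out of a user's Temp folder is the
            # usual footprint of a dropper; real drivers live under
            # system32\drivers or a vendor's Program Files directory.
            if "\\temp\\" in _clean_path(path).lower():
                findings.append(Finding("temp-driver", where))
            # ComboFix prints [] when the image is no longer on disk: a dead
            # service entry to delete rather than a live threat.
            if not stamp.strip():
                findings.append(Finding("missing-image", where))
    return findings


def triage_gmer_hooks(text: str) -> list[Finding]:
    """Flag inline JMP hooks whose target GMER could not map to a module."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = _HOOK.match(raw.strip())
        # GMER names the owning module when the JMP lands inside a loaded
        # image (the McAfee proxy hooking itself). A hook into anonymous
        # memory may be injected code or a HIPS patching from an unnamed
        # page, so it is a lead to confirm, not a verdict.
        if m is not None and m.group("module") is None:
            findings.append(Finding(
                "unattributed-hook",
                f"{m.group('proc')} {m.group('api')} -> {m.group('target')}"))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_COMBOFIX) + triage_gmer_hooks(SAMPLE_GMER):
        print(f"{f.kind:18} {f.detail}")
```

On the sample this reports the two suppressed Security Center notifications, the firewall policy set to 0, and the pnicml driver twice (Temp-resident and image missing), then the three hooks in svchost.exe and lsass.exe that GMER could not attribute; the mcproxy.exe hook is skipped because GMER names McAfee as its owner.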

Re: New HiJackThis Log - brastk and/or karna?

Unread postby Shaba » December 4th, 2008, 4:27 am

Looks pretty promising.

Please re-run gmer and post back its log next.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Unread postby raktball » December 4th, 2008, 12:56 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-04 08:55:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 86FA9218 ZwAllocateVirtualMemory
SSDT 86FAB400 ZwCreateKey
SSDT 86FE36D8 ZwCreateProcess
SSDT 86FAB2A0 ZwCreateProcessEx
SSDT 86FAA450 ZwCreateThread
SSDT 86FCE020 ZwDeleteKey
SSDT 86FAB388 ZwDeleteValueKey
SSDT 86FA9290 ZwQueueApcThread
SSDT 86F734E8 ZwReadVirtualMemory
SSDT 86FC7B80 ZwRenameKey
SSDT 86FA9380 ZwSetContextThread
SSDT 86FE3180 ZwSetInformationKey
SSDT 86FE18B0 ZwSetInformationProcess
SSDT 86FAA360 ZwSetInformationThread
SSDT 86FE13B8 ZwSetValueKey
SSDT 86FE1838 ZwSuspendProcess
SSDT 86FA9308 ZwSuspendThread
SSDT 86FAB9D8 ZwTerminateProcess
SSDT 86FAA3D8 ZwTerminateThread
SSDT 86F73560 ZwWriteVirtualMemory

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF54429C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF5442B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF5442AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF5442A08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF5442B31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF5442A4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5442950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5442964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF54429DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5442B6D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF5442AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF5442AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5442B59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF5442B45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF5442B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF5442A1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF54429F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F54429F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80567D7B 5 Bytes JMP F5442A4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056B183 4 Bytes JMP F5442AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey + 5 8056B188 2 Bytes [ 90, 90 ]
PAGE ntoskrnl.exe!ZwQueryKey 8056EC39 7 Bytes JMP F5442B71 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 7 Bytes JMP F5442B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F54429CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F5442A22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F5442A0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F5442954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F54429E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FC04 7 Bytes JMP F5442AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F5442968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590EA2 5 Bytes JMP F5442B35 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064C0D2 5 Bytes JMP F5442B49 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064C3A7 7 Bytes JMP F5442B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CC74 7 Bytes JMP F5442ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064D5AE 2 Bytes JMP F5442B5D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey + 3 8064D5B1 2 Bytes [ DF, 74 ]

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[440] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006B009D
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006B0082
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006B0FA8
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006B0FB9
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006B0040
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006B0F55
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006B0F72
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006B00D3
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006B00C2
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006B00E4
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006B005B
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006B000A
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006B0F83
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006B0FD4
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006B0025
.text C:\WINDOWS\System32\svchost.exe[668] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006B0F44
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006A002F
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006A0F83
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006A0FDE
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006A0014
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006A0F9E
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006A0FAF
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006A0040
.text C:\WINDOWS\System32\svchost.exe[668] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00680FE5
.text C:\WINDOWS\System32\svchost.exe[668] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070058
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0007003D
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F6F
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070084
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070073
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700CB
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700BA
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 000700F0
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070F48
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0007009F
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00060F72
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060F83
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[780] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[780] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B50F8D
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B50FA8
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B50082
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B50065
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B500AE
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B5009D
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B50F26
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B50F41
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B50F15
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B50FB9
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B50F72
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B50036
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B500BF
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B4002C
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B40F9E
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B40FDB
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B40011
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B40051
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B40FAF
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00870000
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00870093
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00870F9E
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0087006C
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00870FAF
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00870040
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008700B8
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00870F72
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008700EE
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008700D3
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008700FF
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00870051
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00870011
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00870F8D
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00870FCA
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00870FDB
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00870F55
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00860025
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00860F83
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00860014
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00860040
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00860F9E
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00860FB9
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00840FEF
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00840FDE
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009E0042
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009E0F4D
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009E0F68
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009E0025
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009E0F94
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009E0F15
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009E0F32
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009E00A7
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009E0F04
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009E0EF3
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 009E0F83
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009E0053
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 009E0FB9
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 009E0FCA
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009E0078
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009D0FB2
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD7535 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW + 2 77DD7537 3 Bytes [ 8A, BF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009D0FC3
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009D0FD4
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009D0F86
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009D0028
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009D0FA1
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006B0056
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006B0045
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006B0F6B
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006B0F7C
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006B0F97
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006B0F30
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006B0078
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006B00A4
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006B0F0B
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006B0EF0
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 006B001E
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 006B0FCA
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 006B0067
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 006B0FA8
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 006B0FB9
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006B0089
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006A002C
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006A0FA5
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006A0FDB
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006A0011
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006A0058
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006A0FB6
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006A0000
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006A003D
.text C:\WINDOWS\System32\svchost.exe[1100] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0068000A
.text C:\WINDOWS\System32\svchost.exe[1100] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00680FEF
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02740FEF
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0274008E
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0274007D
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0274006C
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02740FAF
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02740040
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 027400D7
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 027400BC
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02740F63
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 027400F2
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02740F3E
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0274005B
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0274000A
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0274009F
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02740FCA
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0274001B
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02740F74
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 023B0FDB
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 023B006C
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 023B002C
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 023B001B
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 023B0FAF
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 023B0051
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 023B0000
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 023B0FCA
.text C:\WINDOWS\System32\svchost.exe[1140] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 010F0FEF
.text C:\WINDOWS\System32\svchost.exe[1140] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 010F000A
.text C:\WINDOWS\System32\svchost.exe[1140] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 023C0FE5
.text C:\WINDOWS\System32\svchost.exe[1140] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 023C0FD4
.text C:\WINDOWS\System32\svchost.exe[1140] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 023C0014
.text C:\WINDOWS\System32\svchost.exe[1140] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 023C0025
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00770000
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0077007F
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00770064
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00770F8A
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00770F9B
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00770036
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00770F48
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00770F6F
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007700C6
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00770F2D
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00770F1C
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00770047
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00770FE5
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00770090
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00770FCA
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0077001B
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007700AB
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0076003D
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00760073
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0076002C
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00760011
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00760058
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00760FB6
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00760FD1
.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00740000
.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 0074001B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00DC0F83
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00DC0082
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DC0071
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00DC004A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00DC0FA8
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00DC0F3C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00DC0F57
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DC00CB
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DC00BA
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00DC00DC
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00DC0039
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00DC0F68
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00DC0FB9
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00DC009F
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DA0040
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DA0FAF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DA002F
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DA006C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DA005B
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00DB0036
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20000
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A20F63
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20F7E
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20062
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20051
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A20040
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A20073
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A20F37
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20F10
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A200A9
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A200C4
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A20F52
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A20025
.text C:\WINDOWS\System32\svchost.exe[1492] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A20084
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A1005B
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A1000A
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A10F9E
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10040
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\System32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10025
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F70093
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70FAF
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F7006C
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F7004A
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F700C2
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F70F7C
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F700EE
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F700D3
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F700FF
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F7005B
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F70014
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F70F8D
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F70025
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F70F5F
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F60036
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F60FB9
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F60025
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F6006C
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F60051
.text C:\WINDOWS\system32\svchost.exe[1636] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[1636] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00870000
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00870087
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00870076
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0087005B
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00870F9E
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00870FCA
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008700A9
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00870098
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00870F2B
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008700C4
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00870F10
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00870FB9
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0087001B
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00870F77
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00870FE5
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0087002C
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00870F46
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00860FDE
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0086006C
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0086002F
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00860014
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0086005B
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00860FC3
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0086004A
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C50065
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C50F7A
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C50054
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C50043
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C5001E
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C50F4B
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C50087
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C500DD
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C500C2
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C50F29
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C50F97
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C50076
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C50FA8
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C50F3A
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C40FC3
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C4005B
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C4000A
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C40040
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C4002F
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C40FA8
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250082
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250071
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250F8D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250F9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 002500BF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 002500AE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250F37
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00250F52
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 002500E1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250040
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0025009D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00250025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 002500D0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0033002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0033007A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0033001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0033000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00330069
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00330058
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00330FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0033003D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 010C0FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 010C0FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 010C0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 010C0FAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 01570FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 01570FD4
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0087
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F92
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A006C
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A005B
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FC3
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F35
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F50
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0EF8
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F13
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0EE7
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A004A
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F6D
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FD4
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A001B
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F24
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FC0
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290F8A
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029001B
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FE5
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FA5
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290047
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0029000A
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290036
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E40000
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E40FE5
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E4001B
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00E40036
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 00FF0000
.text C:\Program Files\Outlook Express\MSIMN.EXE[2520] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 00FF0FDB
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B009A
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B007D
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B006C
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B00ED
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B00DC
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0123
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0108
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B0F6F
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B00BF
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002A0036
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002A0FA5

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip 865961E0
Device \Driver\Tcpip \Device\Ip 866722B8
Device \Driver\Tcpip \Device\Ip 86E801F0
Device \Driver\Tcpip \Device\Ip 86C10C78

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 865961E0
Device \Driver\Tcpip \Device\Tcp 866722B8
Device \Driver\Tcpip \Device\Tcp 86E801F0
Device \Driver\Tcpip \Device\Tcp 86C10C78

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp 865961E0
Device \Driver\Tcpip \Device\Udp 866722B8
Device \Driver\Tcpip \Device\Udp 86E801F0
Device \Driver\Tcpip \Device\Udp 86C10C78

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 865961E0
Device \Driver\Tcpip \Device\RawIp 866722B8
Device \Driver\Tcpip \Device\RawIp 86E801F0
Device \Driver\Tcpip \Device\RawIp 86C10C78

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 865961E0
Device \Driver\Tcpip \Device\IPMULTICAST 866722B8
Device \Driver\Tcpip \Device\IPMULTICAST 86E801F0
Device \Driver\Tcpip \Device\IPMULTICAST 86C10C78
Device \FileSystem\Fastfat \Fat B6727C8A

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.14 ----
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm
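The GMER output above is a lot of lines to read by eye. The two sections that matter for triage are the user-mode ".text" entries (an inline JMP patched into an exported API inside a named process) and the "Kernel IAT/EAT" entries (a driver's import slot for an NDIS export redirected to another address). The script below is an added example, written for this thread; it is not part of the original post and not GMER's own code. It parses those two line formats from a constructed excerpt of the log above and pulls out the three things a responder would actually check: hooks whose JMP target GMER could not attribute to any loaded module, the memory regions those trampolines sit in per process, and the set of APIs hooked identically in every process (the fingerprint of one system-wide hooking component). It assumes Python 3.8 or later and only the standard library. Caveat, as the script's own docstrings say: GMER reports that a hook exists, not who installed it. Host-based security products hook exactly these APIs too, and the Devices section of this same log shows Webroot (ssfs0bbc.sys) and McAfee (mfehidk.sys, Mpfp.sys) filter drivers loaded, so an unattributed hook is a lead to correlate against the installed products, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# GMER user-mode inline hook line, e.g.
#   .text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C50F29
# The trailing owner ("C:\...\IEFRAME.dll (Internet Explorer/Microsoft Corporation)")
# is printed only when GMER can map the JMP target to a loaded module.
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"[0-9A-Fa-f]{8}\s+\d+\s+Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?$")

# GMER kernel IAT hook line, e.g.
#   IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
KERNEL_IAT_RE = re.compile(
    r"^IAT\s+(?P<driver>[^\[\s]+)\[(?P<module>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<dest>[0-9A-Fa-f]{8})$")

@dataclass(frozen=True)
class UserHook:
    process: str          # basename, lower-cased
    pid: int
    api: str              # "module!Function", module lower-cased
    dest: int             # JMP target address
    owner: Optional[str]  # module GMER attributed the target to, or None

@dataclass(frozen=True)
class KernelIatHook:
    driver: str
    api: str
    dest: int

def parse_gmer(text: str) -> Tuple[List[UserHook], List[KernelIatHook]]:
    """Extract user-mode .text hooks and kernel IAT hooks; every other log line is ignored."""
    user, kernel = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := USER_HOOK_RE.match(line):
            user.append(UserHook(
                process=m["proc"].rsplit("\\", 1)[-1].lower(),
                pid=int(m["pid"]),
                api=f"{m['module'].lower()}!{m['func']}",  # folds WS2_32.dll / ws2_32.dll together
                dest=int(m["dest"], 16),
                owner=m["owner"]))
        elif m := KERNEL_IAT_RE.match(line):
            kernel.append(KernelIatHook(
                driver=m["driver"].rsplit("\\", 1)[-1].lower(),
                api=f"{m['module']}!{m['func']}",
                dest=int(m["dest"], 16)))
    return user, kernel

def unattributed_hooks(user: List[UserHook]) -> List[UserHook]:
    """Hooks whose JMP target lies outside every module GMER knows. The trampoline is in
    private memory, which is what an injected AV/HIPS agent and a user-mode rootkit both
    look like, so this is a triage list, not a verdict."""
    return [h for h in user if h.owner is None]

def hook_regions(user: List[UserHook]) -> dict:
    """Per process, the 64 KiB regions (dest >> 16) holding the unattributed trampolines."""
    regions = defaultdict(set)
    for h in unattributed_hooks(user):
        regions[h.process].add(h.dest >> 16)
    return {p: sorted(r) for p, r in regions.items()}

def apis_hooked_in_every_process(user: List[UserHook]) -> set:
    """APIs with an unattributed hook in every listed process: one system-wide hooking component."""
    per_proc = defaultdict(set)
    for h in unattributed_hooks(user):
        per_proc[h.process].add(h.api)
    return set.intersection(*per_proc.values()) if per_proc else set()

def iat_targets(kernel: List[KernelIatHook]) -> dict:
    """Kernel IAT redirections grouped by target address: one address shared by several
    drivers' imports means one module sits in front of that NDIS export."""
    by_dest = defaultdict(set)
    for h in kernel:
        by_dest[h.dest].add(h.driver)
    return {d: sorted(v) for d, v in by_dest.items()}

# Constructed input: a trimmed excerpt of the GMER log posted above.
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C50F29
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C40FC3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 002500E1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0033002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 01570FEF
.text C:\WINDOWS\system32\wuauclt.exe[3480] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B0F6F
.text C:\WINDOWS\system32\wuauclt.exe[3480] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002A0011
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86F73378
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 86F73470
"""

if __name__ == "__main__":
    u, k = parse_gmer(SAMPLE_LOG)
    print(f"{len(unattributed_hooks(u))} of {len(u)} user-mode hooks point outside any known module")
    for proc, regs in hook_regions(u).items():
        print(f"  {proc}: trampolines in " + ", ".join(f"0x{r:04X}xxxx" for r in regs))
    print("hooked in every process:", sorted(apis_hooked_in_every_process(u)))
    for dest, drivers in iat_targets(k).items():
        print(f"  kernel IAT target {dest:08X} <- {', '.join(drivers)}")
```

Run against the full log rather than the excerpt (paste it into SAMPLE_LOG or read it from a file) and the same picture emerges: the IEFRAME.dll hooks in IEXPLORE.EXE are attributed to a signed Microsoft module and drop out, every other process carries the same kernel32/ADVAPI32/WS2_32 hook set in a few low private regions, and all eleven driver IAT entries collapse onto just two targets, 86F73378 and 86F73470. The next step is to find what owns those regions and addresses (a memory map of the process, or the driver list with load ranges) and check them against the security products GMER already lists under Devices, before treating any of it as brastk/karna.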

Re: New HiJackThis Log - brastk and/or karna?

Unread postby Shaba » December 4th, 2008, 1:02 pm

Looks good :)

I'd like you to check a file/some files for malware.
c:\windows\system32\DRIVERS\ssfs0bbc.sys

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

Post back the results here, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New HiJackThis Log - brastk and/or karna?

Unread postby raktball » December 4th, 2008, 1:10 pm

I'm sorry, I'm not certain I understand which list you're referring to. I don't see that specific file in the last GMER run.
raktball
Regular Member
 
Posts: 23
Joined: November 24th, 2008, 3:14 pm