Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser Redirecting, HijackThis Log

Post by alwayshopeful » December 28th, 2008, 9:17 pm

After letting a family member use my computer for some time I got it back with the browser redirecting constantly and popups all the time. My McAfee also will not update and keeps telling me to reinstall, however it won't allow me to reinstall the software from the website; it always says it cannot connect to the server. I have no idea what this stuff is, so I downloaded HijackThis and here is the log. As I stated, I have no idea what most of this stuff is. Any help would be very much appreciated. Thanks. :)


Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {2CDCCD47-FB6A-42A5-8401-F19FD130005B} (FnetPlayerCtrl Class) - https://fn.probitymt.com/ehr-probity/in ... player.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
alwayshopeful
Active Member
 
Posts: 10
Joined: December 28th, 2008, 9:11 pm

Re: Browser Redirecting, HijackThis Log

Post by Carolyn » January 2nd, 2009, 12:17 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Step 1

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Browser Redirecting, HijackThis Log

Post by alwayshopeful » January 2nd, 2009, 1:09 pm

Just one question, when you say disable any script blocker, I am unsure of what that means... Thanks.
alwayshopeful
Active Member
 
Posts: 10
Joined: December 28th, 2008, 9:11 pm

Re: Browser Redirecting, HijackThis Log

Post by alwayshopeful » January 2nd, 2009, 2:15 pm

Never mind, everything went off without a hitch. There seems to be a whole lot; my sister had my computer for about a year and I just got it back. I really need it to be secure and cleaned as I am looking at a promotion at work that will allow me to work from home, but I must work from a desktop and it is integral that it be secure. Thank you so much for answering my post, and sorry about the amount of stuff that seems to be here. Here are the logs.

DDS TEXT

Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.539 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\KR\Desktop\dds.com

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.comcast.net/
uDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Free Traffic Bar Toolbar: {0ed0633c-a54d-47f1-94e7-5bded41ae674} - c:\program files\free_traffic_bar\tbFree.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: RetailMeNot Toolbar: {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - c:\program files\retailmenot\tbReta.dll
TB: RetailMeNot Toolbar: {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - c:\program files\retailmenot\tbReta.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Free Traffic Bar Toolbar: {0ed0633c-a54d-47f1-94e7-5bded41ae674} - c:\program files\free_traffic_bar\tbFree.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kimber~1\applic~1\mozilla\firefox\profiles\y4idb8i7.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-28 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-28 39200]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-4 201320]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.sys [2008-12-26 3584]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;"c:\program files\leapfrog\leapfrog connect\CommandService.exe" [2008-11-25 991232]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-7-2 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-10-4 144704]
R2 Start2Driver;Start2Driver;c:\windows\system32\drivers\Start2Driver.sys [2008-12-26 4096]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\TFService.exe service []
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-10-4 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-4 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-4 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-4 40488]
R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys [2008-12-28 33056]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-4 33832]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys []

=============== Created Last 30 ================

2008-12-30 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AppRanger
2008-12-30 16:58 <DIR> -cd----- c:\program files\AppRanger
2008-12-28 23:38 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2008-12-28 23:38 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-12-28 23:38 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2008-12-28 23:38 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2008-12-28 23:38 <DIR> -cd----- c:\program files\ThreatFire
2008-12-28 23:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-28 20:49 <DIR> -cd----- c:\program files\EsetOnlineScanner
2008-12-28 19:57 <DIR> -cd----- c:\program files\Trend Micro
2008-12-28 19:35 <DIR> -cd----- c:\program files\SpywareGuard
2008-12-27 23:48 11,658 a------- C:\CTMeasureTiming.ini
2008-12-26 13:51 <DIR> -cd----- c:\docume~1\kimber~1\applic~1\Malwarebytes
2008-12-26 13:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-26 13:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 13:51 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-26 13:42 4,096 a------- c:\windows\system32\drivers\Start2Driver.SYS
2008-12-26 13:42 3,584 a------- c:\windows\system32\drivers\Start1Driver.SYS
2008-12-25 21:32 <DIR> -cd----- c:\docume~1\kimber~1\applic~1\World-LooM
2008-12-25 21:31 <DIR> -cd----- c:\program files\Fix-it-up - Kates Adventure
2008-12-25 20:56 110 a------- c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-25 20:56 <DIR> --d----- c:\windows\CF055C57A98842E6BDAFE3D94C6973A8.TMP
2008-12-25 20:56 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2008-12-25 20:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Leapfrog
2008-12-25 20:53 <DIR> -cd----- c:\program files\LeapFrog
2008-12-25 18:57 53,248 -------- c:\windows\Ctregrun.exe
2008-12-25 18:56 417,792 a------- c:\windows\system32\awrdscdc.ax
2008-12-25 18:56 24,576 -------- c:\windows\system32\msxml3a.dll
2008-12-25 18:55 <DIR> -cd----- c:\program files\Audible
2008-12-25 18:53 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2008-12-25 18:53 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2008-12-25 18:53 <DIR> -cd----- c:\program files\common files\Creative
2008-12-25 18:53 <DIR> -cd-h--- c:\program files\Creative Installation Information
2008-12-25 18:53 <DIR> -cd----- c:\program files\Creative
2008-12-25 18:48 2,392 a------- C:\autorun.PNF
2008-12-23 19:23 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-23 19:23 1,409 a------- c:\windows\QTFont.for
2008-12-22 15:06 <DIR> -cd----- c:\program files\LeeGTs Games
2008-12-22 14:12 <DIR> -cd----- c:\program files\videosoft
2008-12-22 13:02 <DIR> -cd----- c:\program files\iWin.com
2008-12-22 12:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iWin Games
2008-12-22 10:42 <DIR> -cd----- c:\program files\County Fair
2008-12-18 14:24 371,710 a------- C:\AnalysisLog.sr0
2008-12-15 21:00 <DIR> -cd----- c:\program files\SystemRequirementsLab
2008-12-15 20:18 <DIR> --d----- c:\windows\$regcmp$
2008-12-15 20:04 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-12-15 20:04 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-12-15 20:04 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-12-15 20:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-12-15 20:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-12-15 20:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-12-15 20:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-12-15 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SimCity Societies
2008-12-15 18:54 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-15 15:53 2,117,632 a------- c:\windows\system32\python25.dll
2008-12-15 15:53 339,968 a------- c:\windows\system32\pythoncom25.dll
2008-12-15 15:53 114,688 a------- c:\windows\system32\pywintypes25.dll
2008-12-15 15:53 1,332,197 a------- c:\windows\system32\pythondll.zip
2008-12-14 23:26 <DIR> -cd----- c:\program files\Pictureka - Museum Mayhem
2008-12-04 20:37 <DIR> --d----- c:\windows\Logs

==================== Find3M ====================

2008-12-15 15:53 348,160 ac------ c:\windows\system32\msvcr71.dll
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-10 20:40 43,324 ac------ c:\docume~1\kimber~1\applic~1\wklnhst.dat
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a--s---- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-02-29 15:49 0 ac------ c:\program files\temp01
2007-12-16 20:10 247,520 ac------ c:\docume~1\kimber~1\applic~1\GDIPFONTCACHEV1.DAT
2007-10-30 17:04 32,768 ac------ c:\documents and settings\kr\WebVpnRegKey4-myselect-selectmedicalcorp-com.dll
2007-08-31 08:35 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
2006-09-18 18:45 774,144 ac------ c:\program files\RngInterstitial.dll
2007-02-06 16:09 168 -c-shr-- c:\windows\system32\11B88329DC.sys
2008-03-13 17:13 80 -c-shr-- c:\windows\system32\DC2983B811.dll
2006-12-29 12:06 56 -c-shr-- c:\windows\system32\DC2983B811.sys
2007-02-06 16:09 8,354 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-07 15:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 12:10:45.20 ===============






ATTACH TEXT



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/6/2006 10:32:28 AM
System Uptime: 1/2/2009 11:53:59 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2528/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 32.741 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 17.785 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP468: 11/8/2008 12:35:42 AM - System Checkpoint
RP469: 11/9/2008 1:31:12 AM - System Checkpoint
RP470: 11/10/2008 2:31:09 AM - System Checkpoint
RP471: 11/11/2008 3:31:08 AM - System Checkpoint
RP472: 11/12/2008 4:45:38 AM - System Checkpoint
RP473: 11/13/2008 3:00:22 AM - Software Distribution Service 3.0
RP474: 11/14/2008 3:43:57 AM - System Checkpoint
RP475: 11/15/2008 4:38:56 AM - System Checkpoint
RP476: 11/16/2008 5:38:56 AM - System Checkpoint
RP477: 11/17/2008 6:38:56 AM - System Checkpoint
RP478: 11/18/2008 7:46:39 AM - System Checkpoint
RP479: 11/20/2008 9:52:34 PM - System Checkpoint
RP480: 11/21/2008 9:58:02 PM - System Checkpoint
RP481: 11/22/2008 11:15:33 PM - System Checkpoint
RP482: 11/23/2008 8:45:34 PM - Installed Media Semantics Character Builder
RP483: 11/23/2008 8:51:02 PM - Installed Microsoft Mike+Mary Speech Pack
RP484: 11/24/2008 11:30:24 PM - System Checkpoint
RP485: 11/25/2008 11:58:06 PM - System Checkpoint
RP486: 11/27/2008 12:58:05 AM - System Checkpoint
RP487: 11/28/2008 1:58:02 AM - System Checkpoint
RP488: 11/29/2008 3:26:01 AM - System Checkpoint
RP489: 11/30/2008 3:30:39 AM - System Checkpoint
RP490: 12/1/2008 3:54:00 AM - System Checkpoint
RP491: 12/2/2008 4:53:56 AM - System Checkpoint
RP492: 12/3/2008 5:44:09 AM - System Checkpoint
RP493: 12/4/2008 6:44:08 AM - System Checkpoint
RP494: 12/4/2008 7:48:00 PM - Removed Media Semantics Character Builder
RP495: 12/4/2008 8:38:02 PM - Installed DirectX
RP496: 12/5/2008 9:21:41 PM - System Checkpoint
RP497: 12/7/2008 12:51:20 AM - System Checkpoint
RP498: 12/8/2008 1:44:14 AM - System Checkpoint
RP499: 12/9/2008 2:29:00 AM - System Checkpoint
RP500: 12/10/2008 2:37:59 AM - System Checkpoint
RP501: 12/10/2008 3:00:33 AM - Software Distribution Service 3.0
RP502: 12/11/2008 3:00:18 AM - Software Distribution Service 3.0
RP503: 12/12/2008 3:15:08 AM - System Checkpoint
RP504: 12/13/2008 4:15:11 AM - System Checkpoint
RP505: 12/14/2008 5:15:09 AM - System Checkpoint
RP506: 12/15/2008 6:15:06 AM - System Checkpoint
RP507: 12/15/2008 6:38:36 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP508: 12/15/2008 6:39:21 PM - Installed SimCity™ Societies
RP509: 12/15/2008 7:52:07 PM - Removed SimCity™ Societies
RP510: 12/15/2008 8:04:31 PM - Installed DirectX
RP511: 12/15/2008 8:10:27 PM - Software Distribution Service 3.0
RP512: 12/15/2008 9:07:56 PM - Installed SimCity™ Societies
RP513: 12/16/2008 9:53:11 PM - System Checkpoint
RP514: 12/17/2008 10:29:44 PM - System Checkpoint
RP515: 12/18/2008 3:00:17 AM - Software Distribution Service 3.0
RP516: 12/19/2008 3:22:21 AM - System Checkpoint
RP517: 12/20/2008 4:22:24 AM - System Checkpoint
RP518: 12/21/2008 5:22:20 AM - System Checkpoint
RP519: 12/21/2008 12:21:35 PM - Removed SimCity™ Societies
RP520: 12/22/2008 2:40:06 PM - System Checkpoint
RP521: 12/22/2008 3:06:09 PM - Installed Miss Popularity
RP522: 12/23/2008 3:26:46 PM - System Checkpoint
RP523: 12/24/2008 4:22:21 PM - System Checkpoint
RP524: 12/25/2008 6:44:58 PM - System Checkpoint
RP525: 12/25/2008 6:53:20 PM - Installed Creative ZEN (DVP-FL0001)
RP526: 12/30/2008 4:58:38 PM - Installed AppRanger
RP527: 12/30/2008 5:13:25 PM - Removed AppRanger

==== Installed Programs ======================


1500
1500_Help
1500Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Advanced WindowsCare 2.55 Personal
AiO_Scan
AiOSoftware
Apple Software Update
ArcSoft Software Suite
AudibleManager
Banctec Service Agreement
BCL easyPDF Printer Driver 4.3
Big Fish Games Client
BufferChm
CCleaner (remove only)
Citrix Presentation Server Client - Web Only
Conexant D850 56K V.9x DFVc Modem
County Fair
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Creative System Information
Creative ZEN
CueTour
CustomerResearchQFolder
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Resource CD
Dell Support 3.1
Dell System Restore
Desktop Doctor
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DocProc
Documentation & Support Launcher
DocumentViewer
DocumentViewerQFolder
ELIcon
ESET Online Scanner
eSupportQFolder
Fax
Fix-it-up: Kate`s Adventure
Free Registry Defrag
Free_Traffic_Bar Toolbar
FullDPAppQFolder
Games, Music, & Photos Launcher
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareDevices
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
LeapFrog Connect
LeapFrog Didj Plugin
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
MCU
MedRemote WebTop
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Mike+Mary Speech Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
NewCopy
Paint Shop Pro 7 ESD
PanoStandAlone
Photo Toolkit 1.7
PhotoGallery
Pictureka! - Museum Mayhem
ProductContext
QuickTime
RandMap
Readme
RealArcade
RealPlayer
RetailMeNot Toolbar
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB957097)
SkinsHP1
Skype™ 3.8
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Spybot - Search & Destroy
Status
System Requirements Lab
Taskbar Calculator
ThreatFire 4.0
TrayApp
Unload
videosoft
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Service Pack 3
Word Riot Deluxe
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Messenger
ZD Recorder 3.0.1.0
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

12/26/2008 4:31:55 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/26/2008 8:25:00 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
12/26/2008 8:25:00 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
12/26/2008 8:25:00 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
12/26/2008 8:25:00 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
12/26/2008 8:25:00 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
12/26/2008 8:25:00 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
12/26/2008 12:55:45 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/30/2008 1:57:32 PM, error: Dhcp [1002] - The IP address lease 68.83.151.84 for the Network Card with network address 0016765234BC has been denied by the DHCP server 68.87.75.17 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================



GMER TEXT


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-02 12:30:08
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF772ADFA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF772AFEA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF772B08C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF772ACEE]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF772B224]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF772C798]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xECE669AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xECE66958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xECE6696C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xECE66AF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xECE66ADE]
Code 86A5F150 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xECE669EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xECE66B23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xECE66930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xECE66944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xECE669BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xECE66B5F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xECE66AC8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xECE66AB4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xECE66A6D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xECE66B4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xECE66B37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xECE66996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xECE66982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xECE66B0D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xECE66A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xECE669D4]
Code ED097E99 pIofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP ECE669D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 5 Bytes JMP ECE66AB8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP ECE669AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP ECE66986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP ECE66B63 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP ECE66AFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP ECE66934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP ECE669C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP ECE66A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP ECE669EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 86A5F154
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP ECE66970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP ECE66948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP ECE66B27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP ECE66AE2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 2 Bytes JMP ECE6695C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess + 4 805B136E 1 Byte [ 6C ]
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP ECE6699A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP ECE66B11 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP ECE66ACC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP ECE66A71 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP ECE66B3B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP ECE66B4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F690F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F720F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F240F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F210F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F570F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6F0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F660F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3F0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F330F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F600F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F630F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F750F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F420F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F450F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F510F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F780F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F480F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F360F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 55, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F300F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F270F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0F77
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0062
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0051
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB007D
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F41
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0EFF
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB008E
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00B3
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0F9E
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0F52
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB0F1A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D90014
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D9004A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D90FCD
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D90F97
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D90FA8
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F9, 88 ]
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D9002F
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\svchost.exe[628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\winlogon.exe[656] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[656] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[656] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 32, 5F ]
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0000
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0073
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B0F7E
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F8F
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0058
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0FC0
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F35
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B0F46
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B0EEE
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B0F09
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010B00A2
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 010B003D
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6C0F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 010B0011
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010B0F6D
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 010B0FDB
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 010B0022
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010B0F1A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F690F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 010A0047
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 010A0091
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 010A002C
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 010A001B
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 010A0080
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 010A0FD4
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 2A, 89 ]
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 010A0FE5
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\services.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0086
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0075
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB004E
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F91
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00C3
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00A8
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00E5
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F56
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BB0100
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BB0097
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BB00D4
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BA0040
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DA, 88 ]
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60F92
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60087
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60076
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60065
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D600D0
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D600BF
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600EB
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F5C
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D600FC
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D60FDB
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D600A2
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D60FCA
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D60F6D
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D40F61
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D40FB9
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D40FD4
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D40F72
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D40014
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D40F8D
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D50FDE
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D50FC3
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E5005E
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F5F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50F7C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E5002F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50F8D
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E5006F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F27
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E5009B
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E5008A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00C10022
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00C10FC7
.text C:\WINDOWS\system32\svchost.exe[1484] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[1872] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1916] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1948] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1988] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2012] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2028] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F730F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F760F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F7C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F790F5A
.text C:\Program Files\ThreatFire\TFTray.exe[3232] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A

---- User IAT/EAT - GMER 1.0.14 ----

IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F660000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F570000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F700000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F660000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F570000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01F72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01F72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01F72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01F72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\msqpdxxcbahssi.sys (*** hidden *** ) ED096000-ED0C1000 (176128 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\msqpdxxcbahssi.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxrbjykudo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxrbjykudo.dll
Reg HKLM\SOFTWARE\Classes\msqpdxvx
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxrun 71
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpff 7963
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxaff 2956
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxinfo ?}gx~yc?~d?gkomcyjloumllqQXTc
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxid rfx?y?|xve?eaddab???i?ko?#WVWQ&$T_*
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxsrv 1745024793
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpos 5}~p|z?vwp4biedfbakz

---- EOF - GMER 1.0.14 ----
alwayshopeful
Active Member
 
Posts: 10
Joined: December 28th, 2008, 9:11 pm
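
The Modules, Services and Registry sections of the GMER log above are the part that identifies the hidden driver. As an added example (not part of the original post and not GMER's own code), the Python below parses an excerpt of those sections copied from the log and correlates the hidden file with the service keys that load it; the function names and the output structure are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt copied from the GMER 1.0.14 log in the post above (the ControlSet002
# copy and the HKLM SOFTWARE Classes values are left out to keep it short).
SAMPLE_LOG = r"""
---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\msqpdxxcbahssi.sys (*** hidden *** ) ED096000-ED0C1000 (176128 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\msqpdxxcbahssi.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxrbjykudo.dll

---- EOF - GMER 1.0.14 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HIDDEN_RE = re.compile(r"^(Module|Service)\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)")
REG_RE = re.compile(r"^Reg\s+(.+?)(?:@(\S+)\s+(.*))?$")
GLOBALROOT = r"\\?\globalroot"


def basename(path):
    """Last path component, lower-cased, for case-insensitive matching."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hidden, registry): hidden is [(kind, path)] for entries GMER
    marked as hidden; registry is {key: {value_name: data}}."""
    section, hidden, registry = None, [], defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HIDDEN_RE.match(line)
        if m and section in ("Modules", "Services"):
            hidden.append((m.group(1), m.group(2)))
            continue
        m = REG_RE.match(line)
        if m and section == "Registry":
            key, name, data = m.groups()
            registry[key]  # record the key even when the line carries no value
            if name:
                registry[key][name] = data
    return hidden, dict(registry)


def triage(text):
    """Tie each registry key to the hidden file it loads and collect any
    further files that are only reachable through \\?\\globalroot paths."""
    hidden, registry = parse_gmer(text)
    hidden_files = {basename(path) for _, path in hidden}
    findings, related = [], set()
    for key, values in registry.items():
        refs = sorted(n for n, d in values.items() if basename(d) in hidden_files)
        rooted = sorted(n for n, d in values.items()
                        if d.lower().startswith(GLOBALROOT))
        if not refs and not rooted:
            continue
        related.update(basename(values[n]) for n in rooted)
        findings.append({
            "key": key,
            "references_hidden_file": refs,
            "globalroot_values": rooted,
            # Service Type 1 is a kernel driver; Start 0 (boot) and 1 (system)
            # mean it is loaded before any user logs on.
            "early_kernel_driver": values.get("type") == "1"
                                   and values.get("start") in ("0", "1"),
        })
    return {
        "hidden_files": sorted(hidden_files),
        "related_files": sorted(related - hidden_files),
        "findings": findings,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The `related_files` entry is the useful part for cleanup: it names the companion DLL that the log never marks as hidden but that the service's `modules` key points to.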

Re: Browser Redirecting, HijackThis Log

by Carolyn » January 2nd, 2009, 5:44 pm

Hi,

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Browser Redirecting, HijackThis Log

by alwayshopeful » January 2nd, 2009, 7:42 pm

After downloading ComboFix, it does indeed state that I should download the Windows Recovery Console; however, when I click Yes, it tries to but comes back with a message that it failed to download. I wasn't sure if I should continue with the scan, so I closed ComboFix, and my internet freezes up and I cannot connect to any page until I restart the computer.

Re: Browser Redirecting, HijackThis Log

by Carolyn » January 3rd, 2009, 4:02 pm

Hi,

Please give this alternate method a try:

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it to your desktop as it's originally named.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Drag the setup package onto ComboFix.exe and drop it.


  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.


  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Re: Browser Redirecting, HijackThis Log

by alwayshopeful » January 4th, 2009, 8:15 pm

This isn't working either... Upon dragging the Windows boot file and dropping it onto ComboFix, a message comes up that says the publisher could not be verified, are you sure you want to run this software. I hit Run, but then a message comes up and says "Some files could not be created. Please close all applications, reboot Windows and restart this installation." All of my virus software is disabled and I am not running any applications, but no matter how many times I reboot and restart, it says the same message. After the message, ComboFix also gets stuck open and I have to manually close it through Control-Alt-Delete.

Re: Browser Redirecting, HijackThis Log

by Carolyn » January 5th, 2009, 1:43 pm

Hi,

Registry Cleaners

I notice the presence of Free Registry Defrag Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------------------

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

----------------------------------------------------------------------

Uninstall ThreatFire

I notice that there is more than one antivirus program installed on your computer. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. When you have more than one antivirus program installed at the same time, they conflict with each other rendering the computer vulnerable or unusable.

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does NOT provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes!

  • Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall ThreatFire.

----------------------------------------------------------------------

Disable MCAFEE SECURITY CENTER

Please navigate to the system tray and double-click the taskbar icon to open Security Center.

* Click Advanced Menu (bottom mid-left).
* Click Configure (left).
* Click Computer & Files (top left).
* VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.

Do the same via Internet & Network for Firewall Plus.

----------------------------------------------------------------------

Install the Recovery Console and run ComboFix

  • Drag the setup package onto ComboFix.exe and drop it.



  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.


  • When the tool is finished, it will produce a report for you.

----------------------------------------------------------------------

Please re-enable your McAfee Security Center

After you re-enable McAfee, please post the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Re: Browser Redirecting, HijackThis Log

by alwayshopeful » January 5th, 2009, 2:33 pm

Okay, it must have been ThreatFire that was not allowing it to run. I had it disabled, but once I uninstalled it everything went smoothly. I also uninstalled the registry defrag program.

Here is the ComboFix report:


ComboFix 09-01-05.02 - KR 2009-01-05 13:08:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.635 [GMT -5:00]
Running from: c:\documents and settings\KR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KR\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\system32\drivers\msqpdxxcbahssi.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msqpdxrbjykudo.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\srecorder.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-04 20:53 . 2009-01-04 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-04 19:27 . 2009-01-05 13:01 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-01-04 19:27 . 2009-01-05 13:01 <DIR> d----c--- c:\documents and settings\KR\Application Data\SUPERAntiSpyware.com
2009-01-03 20:53 . 2009-01-03 20:59 <DIR> d-------- C:\Remote Programs
2009-01-03 20:53 . 2009-01-04 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Free Ride Games
2009-01-03 20:53 . 2008-06-21 16:28 37,033 --------- c:\windows\FRGT.ico
2009-01-03 20:53 . 2009-01-03 20:53 64 --a------ c:\windows\GPlrLanc.dat
2009-01-03 20:52 . 2009-01-04 20:53 <DIR> d----c--- c:\program files\Free Ride Games
2009-01-03 20:52 . 2008-06-17 16:31 53,305 --------- c:\windows\ExentInfo.exe
2009-01-02 12:13 . 2009-01-02 12:17 250 --a------ c:\windows\gmer.ini
2008-12-30 16:58 . 2008-12-30 17:13 <DIR> d----c--- c:\program files\AppRanger
2008-12-30 16:58 . 2008-12-30 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\AppRanger
2008-12-28 23:38 . 2009-01-05 09:08 <DIR> d----c--- c:\program files\ThreatFire
2008-12-28 19:57 . 2008-12-28 19:57 <DIR> d----c--- c:\program files\Trend Micro
2008-12-28 19:35 . 2008-12-28 19:51 <DIR> d----c--- c:\program files\SpywareGuard
2008-12-27 23:48 . 2008-12-27 23:54 11,658 --a------ C:\CTMeasureTiming.ini
2008-12-26 13:51 . 2008-12-26 13:51 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 13:51 . 2008-12-26 13:51 <DIR> d----c--- c:\documents and settings\KR\Application Data\Malwarebytes
2008-12-26 13:51 . 2008-12-26 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 13:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 13:51 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 13:42 . 2008-12-16 15:19 4,096 --a------ c:\windows\system32\drivers\Start2Driver.SYS
2008-12-26 13:42 . 2008-12-16 11:44 3,584 --a------ c:\windows\system32\drivers\Start1Driver.SYS
2008-12-25 21:32 . 2008-12-25 21:32 <DIR> d----c--- c:\documents and settings\KR\Application Data\World-LooM
2008-12-25 21:31 . 2008-12-25 21:31 <DIR> d----c--- c:\program files\Fix-it-up - Kates Adventure
2008-12-25 20:56 . 2008-12-25 20:57 <DIR> d-------- c:\windows\CF055C57A98842E6BDAFE3D94C6973A8.TMP
2008-12-25 20:56 . 2009-01-05 13:01 <DIR> d----c--- c:\program files\Common Files\Wise Installation Wizard
2008-12-25 20:56 . 2008-12-25 20:57 110 --a------ c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-25 20:54 . 2008-12-25 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Leapfrog
2008-12-25 20:53 . 2008-12-25 20:56 <DIR> d----c--- c:\program files\LeapFrog
2008-12-25 19:21 . 2008-12-30 10:55 <DIR> d----c--- c:\documents and settings\KR\Application Data\Creative
2008-12-25 18:57 . 2006-10-05 17:17 53,248 --------- c:\windows\Ctregrun.exe
2008-12-25 18:56 . 2008-12-25 18:56 417,792 --a------ c:\windows\system32\awrdscdc.ax
2008-12-25 18:56 . 2001-08-17 22:43 24,576 --------- c:\windows\system32\msxml3a.dll
2008-12-25 18:55 . 2008-12-25 18:56 <DIR> d----c--- c:\program files\Audible
2008-12-25 18:54 . 2008-12-25 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-12-25 18:53 . 2008-12-25 18:55 <DIR> d--h-c--- c:\program files\Creative Installation Information
2008-12-25 18:53 . 2008-12-25 18:57 <DIR> d----c--- c:\program files\Creative
2008-12-25 18:53 . 2008-12-25 18:53 <DIR> d----c--- c:\program files\Common Files\Creative
2008-12-25 18:53 . 1999-12-12 12:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-12-25 18:53 . 1999-11-17 12:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-12-25 18:48 . 2008-12-25 20:58 2,392 --a------ C:\autorun.PNF
2008-12-23 19:23 . 2009-01-04 17:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-23 19:23 . 2008-12-23 19:23 1,409 --a------ c:\windows\QTFont.for
2008-12-22 15:06 . 2008-12-22 15:06 <DIR> d----c--- c:\program files\LeeGTs Games
2008-12-22 14:12 . 2008-12-22 14:12 <DIR> d----c--- c:\program files\videosoft
2008-12-22 13:02 . 2008-12-22 14:15 <DIR> d----c--- c:\program files\iWin.com
2008-12-22 12:57 . 2008-12-22 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2008-12-19 08:25 . 2008-12-19 08:25 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\agi
2008-12-18 14:24 . 2008-12-18 14:25 371,710 --a------ C:\AnalysisLog.sr0
2008-12-15 21:08 . 2008-12-21 12:23 <DIR> d----c--- c:\program files\Electronic Arts
2008-12-15 21:00 . 2008-12-15 21:00 <DIR> d----c--- c:\program files\SystemRequirementsLab
2008-12-15 20:18 . 2008-12-15 20:24 <DIR> d-------- c:\windows\$regcmp$
2008-12-15 20:04 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-15 20:04 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-15 20:04 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-15 20:04 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-15 20:04 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-15 20:04 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-15 20:04 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-12-15 18:55 . 2008-12-15 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-12-15 18:54 . 2008-12-18 13:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-15 15:54 . 2008-12-15 15:54 <DIR> d----c--- c:\documents and settings\LocalService\Application Data\agi
2008-12-15 15:53 . 2008-12-15 15:53 2,117,632 --a------ c:\windows\system32\python25.dll
2008-12-15 15:53 . 2008-09-16 11:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-12-15 15:53 . 2008-12-15 15:53 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-12-15 15:53 . 2008-12-15 15:53 114,688 --a------ c:\windows\system32\pywintypes25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 14:08 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 14:07 --------- dc----w c:\program files\Oberon Media
2009-01-05 14:06 --------- dc----w c:\program files\RealArcade
2009-01-04 22:47 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-04 01:52 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-01-01 19:35 --------- dc----w c:\program files\Spybot - Search & Destroy
2008-12-26 02:04 --------- dc----w c:\documents and settings\KR\Application Data\Skype
2008-12-26 00:03 --------- dc----w c:\program files\Dell
2008-12-26 00:02 --------- dc----w c:\documents and settings\KR\Application Data\skypePM
2008-12-22 19:16 --------- dc----w c:\program files\MSN Messenger
2008-12-22 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-19 18:34 --------- dc----w c:\documents and settings\KR\Application Data\Move Networks
2008-12-15 20:53 348,160 -c--a-w c:\windows\system32\msvcr71.dll
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 01:40 43,324 -c--a-w c:\documents and settings\KR\Application Data\wklnhst.dat
2008-12-10 08:04 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 18:36 --------- d-----w c:\program files\Yahoo!
2008-12-02 02:46 --------- dc----w c:\program files\Microsoft Digital Image 2006
2008-12-01 19:10 --------- d-----w c:\program files\ZD Soft
2008-11-26 02:27 --------- dc----w c:\documents and settings\KR\Application Data\Pogo Games
2008-11-25 21:11 --------- dc----w c:\program files\Free_Traffic_Bar
2008-11-24 01:47 --------- dc----w c:\documents and settings\KR\Application Data\Media Semantics
2008-11-23 23:54 --------- dc----w c:\program files\BellCraft.com
2008-11-23 23:49 --------- dc----w c:\program files\Flipz4Flash
2008-11-18 23:09 --------- dc----w c:\program files\Coupons
2008-11-18 23:05 --------- dc----w c:\program files\Veetle
2008-11-08 19:49 --------- dc----w c:\documents and settings\KR\Application Data\FirstColony
2008-11-07 04:07 --------- dc----w c:\program files\Common Files\Adobe
2008-11-06 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-11-06 00:01 --------- dc----w c:\program files\bfgclient
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 --s-a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-02-29 20:49 0 -c--a-w c:\program files\temp01
2007-12-17 01:10 247,520 -c--a-w c:\documents and settings\KR\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 22:04 32,768 -c--a-w c:\documents and settings\KR\WebVpnRegKey4-myselect-selectmedicalcorp-com.dll
2007-08-31 13:35 110 -c--a-w c:\documents and settings\All Users\Application Data\MostFunGameId.bin
2006-09-18 23:45 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-02-06 21:09 168 -csh--r c:\windows\system32\11B88329DC.sys
2008-03-13 22:13 80 -csh--r c:\windows\system32\DC2983B811.dll
2006-12-29 17:06 56 -csh--r c:\windows\system32\DC2983B811.sys
2007-02-06 21:09 8,354 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-07 20:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 1,404,928 2004-10-14 19:42:54 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
-c--a-w 1,404,928 2004-10-14 18:42:54 c:\program files\Analog Devices\Core\smax4pnp.exe

-c--a-w 81,920 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

-c--a-w 249,856 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

-c--a-w 185,896 2007-02-02 21:30:44 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 49,152 2005-05-12 04:12:54 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

-c--a-w 1,121,792 2005-08-12 20:16:44 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe

-c--a-w 303,104 2005-09-22 22:29:08 c:\program files\McAfee.com\Agent\bak\mcagent.exe
-c--a-w 582,992 2007-11-01 23:12:38 c:\program files\McAfee.com\Agent\mcagent.exe

-c--a-w 212,992 2006-01-11 16:05:42 c:\program files\McAfee.com\Agent\bak\mcupdate.exe
-c--a-w 419,152 2007-12-06 18:10:26 c:\program files\McAfee.com\Agent\mcupdate.exe

-c--a-w 5,674,352 2007-01-19 16:54:56 c:\program files\MSN Messenger\bak\msnmsgr.exe
-c--a-w 5,674,352 2007-01-19 16:54:56 c:\program files\MSN Messenger\msnmsgr.exe

-c--a-w 282,624 2007-04-27 13:41:54 c:\program files\QuickTime\bak\qttask.exe

-c--a-w 1,773,568 2007-03-07 14:58:20 c:\program files\support.com\bin\bak\tgcmd.exe

-c--a-w 15,360 2004-08-04 10:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

-c--a-w 77,824 2005-09-20 13:32:24 c:\windows\system32\bak\hkcmd.exe
-c--a-w 77,824 2008-02-06 20:45:20 c:\windows\system32\hkcmd.exe

-c--a-w 114,688 2005-09-20 13:36:20 c:\windows\system32\bak\igfxpers.exe
-c--a-w 114,688 2008-02-06 20:45:22 c:\windows\system32\igfxpers.exe

-c--a-w 94,208 2005-09-20 13:35:40 c:\windows\system32\bak\igfxtray.exe
-c--a-w 94,208 2005-09-20 13:35:40 c:\windows\system32\igfxtray.exe

-c--a-w 122,940 2005-09-08 10:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]
2008-11-23 23:03 1784856 --a--c--- c:\program files\Free_Traffic_Bar\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b83f9c5-64b6-4afa-88b7-e1d67c25764a}]
2008-07-10 13:04 1600024 --a--c--- c:\program files\RetailMeNot\tbReta.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b83f9c5-64b6-4afa-88b7-e1d67c25764a}"= "c:\program files\RetailMeNot\tbReta.dll" [2008-07-10 1600024]
"{0ed0633c-a54d-47f1-94e7-5bded41ae674}"= "c:\program files\Free_Traffic_Bar\tbFree.dll" [2008-11-23 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B83F9C5-64B6-4AFA-88B7-E1D67C25764A}"= "c:\program files\RetailMeNot\tbReta.dll" [2008-07-10 1600024]
"{0ED0633C-A54D-47F1-94E7-5BDED41AE674}"= "c:\program files\Free_Traffic_Bar\tbFree.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{9b83f9c5-64b6-4afa-88b7-e1d67c25764a}]

[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-11-10 2057216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-11-10 2057216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\^.recently-used.xbel]
path=\.recently-used.xbel
backup=c:\windows\pss\.recently-used.xbelCommon Startup

[HKLM\~\startupfolder\^nightshipsdesk1024[1].jpg]
path=\nightshipsdesk1024[1].jpg
backup=c:\windows\pss\nightshipsdesk1024[1].jpgCommon Startup

[HKLM\~\startupfolder\^pyerr.log]
path=\pyerr.log
backup=c:\windows\pss\pyerr.logCommon Startup

[HKLM\~\startupfolder\^pyout.log]
path=\pyout.log
backup=c:\windows\pss\pyout.logCommon Startup

[HKLM\~\startupfolder\^s-1-5-21-722900423-538402030-44441542-1006.rrr]
path=\s-1-5-21-722900423-538402030-44441542-1006.rrr
backup=c:\windows\pss\s-1-5-21-722900423-538402030-44441542-1006.rrrCommon Startup

[HKLM\~\startupfolder\^stat.log]
path=\stat.log
backup=c:\windows\pss\stat.logCommon Startup

[HKLM\~\startupfolder\^WebVpnRegKey4-myselect-selectmedicalcorp-com.dll]
path=\WebVpnRegKey4-myselect-selectmedicalcorp-com.dll
backup=c:\windows\pss\WebVpnRegKey4-myselect-selectmedicalcorp-com.dllCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeachLifeEngSetup.exe]
c:\downlo~1\BEACHL~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 16:54 127022 c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2007-02-02 16:30 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SinglesMSetup.exe]
c:\downlo~1\SINGLE~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
c:\documents and settings\Kimberlee Rabenstein\Application Data\Smilebox\SmileboxTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"I&F Viewer toolbar"="c:\program files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ThreatFire"=c:\program files\ThreatFire\TFTray.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe" -startup
"MPFExe"=c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
"VirusScan Online"=c:\program files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSKAGENTEXE"=c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
"MSKDetectorExe"=c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"OASClnt"=c:\program files\McAfee.com\VSO\oasclnt.exe
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"MPSExe"=c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\mcupdate.exe
"LVCOMS"=c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.SYS [2008-12-26 3584]
R4 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R4 Start2Driver;Start2Driver;c:\windows\system32\drivers\Start2Driver.SYS [2008-12-26 4096]
R4 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [2009-01-03 29856]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASENUM
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
c:\windows\Downloaded Program Files\OSDC5.OSD

c:\windows\system32\HotKeyDll.dll - c:\windows\system32\SignOff.wav
c:\windows\system32\return.wav
c:\windows\system32\Interrupt.wav
c:\windows\system32\Error.wav
c:\windows\system32\Tone1.wav
c:\windows\system32\Tone2.wav
c:\windows\system32\Tone3.wav
c:\windows\system32\FnetPlayer.dll
O16 -: {2CDCCD47-FB6A-42A5-8401-F19FD130005B}
hxxps://fn.probitymt.com/ehr-probity/in ... player.cab
c:\windows\Downloaded Program Files\fnetplayer.INF

c:\windows\Downloaded Program Files\sysreqlab_ind.dll - O16 -: {5727FF4C-EF4E-4d96-A96C-03AD91910448}
hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Kimberlee Rabenstein\Application Data\Mozilla\Firefox\Profiles\y4idb8i7.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 13:11:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-05 13:13:42
ComboFix-quarantined-files.txt 2009-01-05 18:12:47

Pre-Run: 34,928,394,240 bytes free
Post-Run: 34,893,869,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff

790 --- E O F --- 2008-12-18 08:01:09






AND THE NEW HIJACK THIS REPORT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:45 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2CDCCD47-FB6A-42A5-8401-F19FD130005B} (FnetPlayerCtrl Class) - https://fn.probitymt.com/ehr-probity/in ... player.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8131 bytes
alwayshopeful

Re: Browser Redirecting, HijackThis Log

Post by Carolyn » January 5th, 2009, 3:25 pm

Hi,

I would like to see a fresh GMER log please.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post Gmer.txt
Carolyn

Re: Browser Redirecting, HijackThis Log

Post by alwayshopeful » January 5th, 2009, 9:09 pm

Here is the new gmer text



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-05 19:58:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwClose [0xEC41CC34]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwCreateFile [0xEC41C6AE]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwCreateKey [0xEC41CBAE]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwCreateSymbolicLinkObject [0xEC41D5C2]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwDeleteFile [0xEC41C8AE]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwDeleteKey [0xEC41CD1C]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwDeleteValueKey [0xEC41CD90]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwDuplicateObject [0xEC41D26C]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwEnumerateKey [0xEC41CF08]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwEnumerateValueKey [0xEC41CF8A]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwFlushKey [0xEC41CCA8]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwLoadKey [0xEC41D08E]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwOpenFile [0xEC41C740]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwOpenKey [0xEC41CB34]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwOpenProcess [0xEC41D3D2]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwOpenThread [0xEC41D4CA]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryAttributesFile [0xEC41C7C2]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryDirectoryFile [0xEC41C922]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryFullAttributesFile [0xEC41C838]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryInformationFile [0xEC41CA34]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryKey [0xEC41CE88]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryValueKey [0xEC41D00C]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwQueryVolumeInformationFile [0xEC41CAB4]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwReplaceKey [0xEC41D1F2]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwRestoreKey [0xEC41D178]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwSetInformationFile [0xEC41C9B4]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwSetInformationProcess [0xEC41D44E]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwSetInformationThread [0xEC41D546]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwSetValueKey [0xEC41CE06]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0xEC3BAF20]
SSDT \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys (X4HSX32Ex Kernel Mode Driver/Exent Technologies Ltd.) ZwUnloadKey [0xEC41D104]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC2FE9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEC2FEA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEC2FE958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEC2FE96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEC2FEA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEC2FEA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEC2FEAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEC2FEAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC2FE9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEC2FEB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEC2FEA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEC2FE930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEC2FE944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC2FE9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEC2FEB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEC2FEAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEC2FEAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEC2FEA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEC2FEB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEC2FEB2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEC2FE996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEC2FE982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEC2FEA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEC2FEA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEC2FEB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC2FEA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC2FE9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 2A0 804E28FC 1 Byte [ 38 ]
.text ntoskrnl.exe!_abnormal_termination + 2A2 804E28FE 2 Bytes [ 41, EC ]
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EC2FE9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EC2FEA31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EC2FEAB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EC2FE9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EC2FE986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EC2FEA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EC2FEB5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EC2FEAF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EC2FE934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EC2FE9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EC2FEA9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EC2FEA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EC2FE9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EC2FE970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EC2FEA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EC2FE948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EC2FEB1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EC2FEADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EC2FEA85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EC2FEA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EC2FE95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EC2FE99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EC2FEB09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EC2FEAC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EC2FEA6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EC2FEB33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EC2FEB47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys The system cannot find the file specified. !
? C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF00A1
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0086
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0075
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0FAC
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF003D
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00CD
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F87
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0103
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00F2
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BF011E
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BF0058
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BF00B2
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[376] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BF0F6A
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BE0076
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BE0051
.text C:\WINDOWS\system32\svchost.exe[376] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F6F
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070064
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700A6
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070095
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F0D
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F1E
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 000700C1
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F5E
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070F39
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0091
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F92
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF006C
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00DA
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF00C9
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F55
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F66
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BF0F3A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BF00AC
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BF0F77
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BE0FDB
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BE0087
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BE0022
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BE0076
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\lsass.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A006E
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A005D
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F83
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0040
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A009A
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F52
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00BC
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F23
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00CD
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0F94
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0089
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A001B
.text C:\WINDOWS\explorer.exe[876] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00AB
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FC0
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290040
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290011
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290000
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290F83
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290F9E
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\explorer.exe[876] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\explorer.exe[876] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\explorer.exe[876] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C000A
.text C:\WINDOWS\explorer.exe[876] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C0025
.text C:\WINDOWS\explorer.exe[876] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\explorer.exe[876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02020FEF
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D50F72
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D5005D
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D50040
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D50025
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D50014
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D50095
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D50078
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D500B7
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D500A6
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D50F03
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D50F8D
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D50F4D
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D50FA8
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D50FB9
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D50F28
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D40FAF
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D40040
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D4000A
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D40FD4
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D40025
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D40F8D
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F4, 88 ]
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D40F9E
.text C:\WINDOWS\system32\svchost.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0087
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB006C
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0F92
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB00B3
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F77
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0F3F
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB0F50
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00F3
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0051
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB001B
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0098
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB002C
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB00CE
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DA0F9B
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DA0011
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DA0058
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DA003D
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DA0FC0
.text C:\WINDOWS\system32\svchost.exe[960] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A8000A
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A80F3A
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A80F4B
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A80F5C
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A80F79
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A80F9E
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A80EF3
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A80F0E
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A80082
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A80071
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02A80093
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02A80025
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02A80FE5
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02A80F1F
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02A80FC3
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02A80FD4
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02A80056
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02A60025
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02A60051
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02A60FD4
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02A60000
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02A60040
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02A60FEF
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02A60F9E
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ C6, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02A60FB9
.text C:\WINDOWS\System32\svchost.exe[1056] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02A40000
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02A70FE5
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02A70000
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02A7001B
.text C:\WINDOWS\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02A70FD4
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F8D
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650082
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F46
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F57
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500C4
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500B3
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00650F10
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650065
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F72
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00650014
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00650F35
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640014
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00640F8D
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0064004A
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640FA8
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0080
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0F81
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0F92
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0FB9
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0051
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0F5F
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F70
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0F18
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D0F29
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 009D00C2
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 009D0FD4
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009D0011
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 009D009B
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 009D0036
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 009D0F4E
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009C0F8D
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009C004A
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 009C002F
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009C0014
.text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30F6D
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30062
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30F88
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30047
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C3009F
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C3008E
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30F1E
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C300C1
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C300D2
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C30FA5
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C3007D
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C30FC0
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C300B0
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009D002C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009D0062
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009D0011
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009D0F9B
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 009D003D
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009D0FB6
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009E0022
.text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 009E003D
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1676] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.14 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [656] 0x10000000

---- EOF - GMER 1.0.14 ----
alwayshopeful
Active Member
 
Posts: 10
Joined: December 28th, 2008, 9:11 pm

Re: Browser Redirecting, HijackThis Log

by Carolyn » January 6th, 2009, 5:09 pm

Hi,

That is looking much better.

Upload files for scanning
I'd like you to check some files for malware.
c:\windows\system32\drivers\Start1Driver.SYS
c:\windows\system32\drivers\Start2Driver.SYS

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

---------------------------------------------------------------------

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

---------------------------------------------------------------------

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

---------------------------------------------------------------------

Please post the following in your next reply:
  • The VirusTotal results
  • The Kaspersky log
  • A fresh HijackThis log
  • A description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Browser Redirecting, HijackThis Log

by alwayshopeful » January 7th, 2009, 9:59 pm

Sorry about the delay, I am unable to get Java to work while using Internet Explorer. It works just fine with Firefox though. I tried completely uninstalling and reinstalling it but that doesn't help either. I have checked all of the settings and everything is set up correctly but it still won't work. Other than that, the computer appears to be running well. The browser no longer redirects and McAfee was able to complete its update.

Below are the logs you requested.


Virus Total -

File Start1Driver.SYS received on 01.06.2009 23:41:18 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 TR/Rootkit.Gen
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.05 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 878 2009.01.05 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.05 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.576 2009.01.05 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5486 2009.01.05 -
Microsoft 1.4205 2009.01.06 -
NOD32 3741 2009.01.05 -
Norman 5.80.02 2009.01.06 W32/Rootkit.ABFA
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.05 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.05 Trojan.Rootkit.Gen
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.209 2009.01.06 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -

Additional information
File size: 3584 bytes
MD5...: 9fc914dbe522aad153f9512a7565cdef
SHA1..: 30f8ecb09877632f91979b59e212b1edba28e1f5
SHA256: 51b16e0b8f16a81135724a5f3b9aada14dcc30c38c2c55f1b4c7265f15664731
SHA512: c1ac6dc8d260a0cd94204109abec191d1b708aa6dfae68c9a7265c5ed5d8b6b85d6eb609b687a4d43c564eeac42754a99fab03d53ed1c3377a8f37019ab51665
ssdeep: 24:etGSG5kRNv7wV8Jr8AdnVwnIH/HcYPQKUXaJxygQOK:6G5M9cVGrtzZ/HcrKcu
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11130
timedatestamp.....: 0x49480511 (Tue Dec 16 19:44:17 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x290 0x400 4.18 7c6c1e4b81b4c313ff9df478e745c5ce
.rdata 0x2000 0xc8 0x200 1.57 9519323d790779aafc70f474b7120f3f
.data 0x3000 0x4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
INIT 0x4000 0xec 0x200 2.56 4fc815113433662b400cc947a1290682
.reloc 0x5000 0xa4 0x200 0.51 27473eee1fd06f1e77d82fbbefb64fe8

( 1 imports )
> ntoskrnl.exe: ZwSetInformationFile, ZwClose, ZwCreateFile, ExFreePool, ExAllocatePoolWithTag, ZwEnumerateValueKey, ZwOpenKey, RtlInitUnicodeString

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9fc914dbe522aad153f9512a7565cdef
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=9fc914dbe522aad153f9512a7565cdef



File Start2Driver.SYS received on 01.07.2009 00:01:43 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3744 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.07 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.209 2009.01.06 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -

Additional information
File size: 4096 bytes
MD5...: ae0af823c1fb9f69b569f8960e601f2e
SHA1..: 175976ac23133cd18ad534e6f1ed38345753817e
SHA256: 39ab5a837d48ac752320297dc96e6e4edf4dcce779c168aef96fb77ff8f24e60
SHA512: f0b9aeeee4fb9a0428ac0f392dae5bba906a98a7b7c6850707a0adc996321e945268acb117c903dfa2dd3a78871cce181d9dd5f9ba05dbd0d91e144c797dc2c2
ssdeep: 24:etGSdZy63lMwXRJlzIPp8WzQzElANWQKUXSOaygQWEYjYSpRc6RKtCR7h+C:6TymMMRJoeVKcpSstY
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11070
timedatestamp.....: 0x4948379b (Tue Dec 16 23:19:55 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d0 0x200 5.20 15d485f0ed75e45e1dd66bda86437c3e
.rdata 0x2000 0x140 0x200 2.28 6cb17be096eb1ee2dc91ed00754d253e
.data 0x3000 0x4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
INIT 0x4000 0xd4 0x200 2.31 8145bac12c133cee8bd0349664f1e180
.rsrc 0x5000 0x218 0x400 2.93 15c64abfd65b2e6546cf42f0a342159e
.reloc 0x6000 0xac 0x200 0.50 25e089ecbf725192ccd40539edbe0725

( 1 imports )
> ntoskrnl.exe: ZwClose, ZwDeleteValueKey, ZwOpenKey, ExFreePool, ExAllocatePoolWithTag, ZwEnumerateValueKey, RtlInitUnicodeString

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ae0af823c1fb9f69b569f8960e601f2e




Hijack this -

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\RunOnce: [DependencyCheck] Performed
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2CDCCD47-FB6A-42A5-8401-F19FD130005B} (FnetPlayerCtrl Class) - https://fn.probitymt.com/ehr-probity/in ... player.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/ ... dl.sun.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9077 bytes




Kaspersky log -

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 81839
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:40:33


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxrbjykudo.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.ivf 1

The selected area was scanned.
alwayshopeful
Active Member
 
Posts: 10
Joined: December 28th, 2008, 9:11 pm

Re: Browser Redirecting, HijackThis Log

by Carolyn » January 9th, 2009, 12:10 pm

Hi,

Let's run one more CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
c:\windows\system32\drivers\Start1Driver.SYS
c:\windows\system32\drivers\Start2Driver.SYS


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


-------------------------------------------------------

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

-------------------------------------------------------

Please post the following in your next reply:
  • The ComboFix log
  • The Uninstall List
  • A fresh HijackThis log
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine