Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus? denying access to security websites and redirecting

Post by JohnnyB » June 4th, 2010, 12:36 pm

Hi, I have a problem that started after my McAfee expired with my Comcast service. I tried to sign up for their new security package and noticed there was a screen that said Symantec was unavailable. I soon noticed that I was denied access to most major security websites. Now when I do a search in Firefox, I am redirected to a different site totally unrelated to the site address I clicked on.

I downloaded HiJackThis after several attempts on different websites. I tried to fix several items but after rebooting they reappear on a new scan.

I am not very computer literate and would appreciate any help you can offer.

Sincerely,
John Barnes

Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Advertisement Service
Age of Mythology Gold
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
Bonjour
Caesar II
CardRd81
CCScore
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V.9x 56K DF PCI Modem
Coupon Printer for Windows
CR2
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
eMusic Remote 1.0
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
FileVOoM Pro 2.5
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HTML Executable IERuntime
HTML Slideshow Powertoy for Windows XP
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Kodak EasyShare software
KSU
LiveUpdate 1.7 (Symantec Corporation)
McAfee Security Scan
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Baseline Security Analyzer 1.2
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (0.8.)
Mozilla Firefox (3.6)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
MusicNow
National Mortgage Lending CompuCram
NetWaiting
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Performance Platform Voguecash
Personal Color Viewer 2.0
Premium Quote
QuickTime
RealOne Player
Risk II
S.P.Q.R.
Sansa Updater
Seagate Manager Installer
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SFR
SFR2
SHASTA
Shockwave
Sierra On-Line Games (Remove only)
Sierra Utilities
SKIN0001
SKINXSDK
Sky-Banners browser enhancer
Spybot - Search & Destroy
SpywareBlaster v3.5.1
StartupMonitor
The Bible Collection Installer
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter FX (MXO)
Viewpoint Media Player
VPRINTOL
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Release Candidate 1
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
WordPerfect Office 11

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:17 AM, on 6/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Johnny Pants\Application Data\a29fde91.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEProxyHelperObj Class - {43DF16FD-D9ED-4c9e-B14A-F3236A12C649} - C:\Program Files\MusicNow\IEProxyHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_NtLoad@0
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_NtLoad@0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3421737910-4184953343-4005068239-501\..\Run: [Sonic RecordNow!] (User 'Guest')
O4 - HKUS\S-1-5-21-3421737910-4184953343-4005068239-501\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Guest')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.classmates.com
O15 - Trusted Zone: http://www.classmates.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{483BA6C5-D4E3-4FA0-A9BA-0E93C1A5131E}: NameServer = 93.188.162.167,93.188.166.198
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.167,93.188.166.198
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.167,93.188.166.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.167,93.188.166.198
O20 - Winlogon Notify: 707ff7f2922 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9obm55IFBhbnRz\command.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Command Service (kkkkk) - Unknown owner - C:\WINDOWS\Sm9obm55IFBhbnRz\command.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 8732 bytes
JohnnyB
Regular Member
 
Posts: 30
Joined: June 4th, 2010, 11:50 am

Re: Virus? denying access to security websites and redirecti

Post by Airscape » June 7th, 2010, 11:43 am

Hello JohnnyB... welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin:
  • Post to this thread only and please stick to it until you are given an All Clean. Absence of symptoms does not mean that your computer is clean.
  • The instructions I give are for this computer only and should not be used on any other PC.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training here at MRU, everything I post must be checked by an expert first. So there may be a slight delay in between posts.

Important:
Please be aware that removing malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before we start.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Post by JohnnyB » June 7th, 2010, 10:55 pm

Hi Airscape:

Should we change our internet banking passwords, etc.? We have not used this computer for any type of purchases or banking since the virus became apparent.

Thanks,
John
JohnnyB
Regular Member
 
Posts: 30
Joined: June 4th, 2010, 11:50 am

Re: Virus? denying access to security websites and redirecti

Post by Airscape » June 7th, 2010, 11:01 pm

Hi John,

Yes, it would be wise to. I'm afraid I can't offer any more advice yet as I'm still in training; hopefully I'll be able to make the post soon.

Thank you for your patience. :)
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Post by Airscape » June 8th, 2010, 6:30 am

Please take note of the following topic:

Attention: Windows XP and Vista Users! (may need to scroll down slightly)
Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010. To continue support, make sure you've installed Windows XP Service Pack 3 (SP3).

Once the operating system (OS) is unsupported, it won't receive any security updates and will be wide open for infection, leaving no option but to reformat and reinstall the OS.

IMPORTANT: The above mentioned Service Packs should only be installed on a malware free computer.

So in light of the above, don't try to update to Windows SP3 yet; wait until your PC is clean. Then you MUST install the latest Service Pack.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Uninstall programs
Click Start > Control Panel > Add/Remove Programs
Click on the Programs listed below in red.
Click Remove etc...
(Don't worry if any are missing)


Performance Platform Voguecash
Sky-Banners browser enhancer
Spybot - Search & Destroy
Ad-Aware SE Personal
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Advertisement Service
Coupon Printer for Windows
Adobe Reader 8.1.2
Uniblue RegistryBooster 2


Reboot (Restart) the computer

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

------------------------------------------

TFC (Temp File Cleaner)
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Do not be alarmed if your desktop icons disappear/reappear.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

------------------------------------------

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click finish.
  • If an update is found, it will download and install the latest version. Or click the Update tab in MBAM.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post this log in your next reply.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • If asked to restart the computer to finish cleaning, please do so.
  • Failure to reboot will prevent MBAM from removing all the malware.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

If you receive an (Error Loading) error on reboot, please reboot a second time.
It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.


------------------------------------------

Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time protection so your security programs will not conflict with Gmer.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. UNCHECK the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any programs while Gmer is running.

------------------------------------------

Logs/information to post in next reply:
  • MBAM log
  • GMER log
  • How is the pc running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Post by JohnnyB » June 8th, 2010, 6:04 pm

I'm a little concerned; I submitted a response this morning around 7:30 Chicago time and it does not appear.

The computer seems to be running ok, but we are not using it. I am not being redirected from security websites, which is a positive note.

Below are the logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4178

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18372

6/8/2010 7:03:49 AM
mbam-log-2010-06-08 (07-03-49).txt

Scan type: Quick scan
Objects scanned: 132892
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\notepad.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.167,93.188.166.198 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{483ba6c5-d4e3-4fa0-a9ba-0e93c1a5131e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.167,93.188.166.198 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\neekyxwh.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Desktop\MyFunCardsSetup2.3.50.56.ZUfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\My Documents\downloads\explorer.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465755.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146111103.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146103110.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_4.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\MSWD-a29fde91.job (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Start Menu\Programs\Startup\scandisk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\notepad.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\LocalService\ntload.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\I93qG93.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\G9iQ7w3.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GM1gMY1cE.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GM31w9u.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\QG9i17.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IQG55.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IQG9317e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\K31gM31wS.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\KU5mY.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\M17w3u79.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\M17wS1e9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MYW9u17i.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\O7o317.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\O7oC1s.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\OC9s1e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\OCEIQGMY9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\QG7iQGMY.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Application Data\a29fde91.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\QGM17wS.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\UOCE1a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ernel32.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\AAAA3k7y.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\AAAAA17e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\C317931cE.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\C7sK17.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\EI793qG9.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\G1iQG17a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\G31aA31e9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-08 07:46:29
Windows 5.1.2600 Service Pack 2
Running: 0pnoz39s.exe; Driver: C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\awtoapow.sys


---- System - GMER 1.0.15 ----

SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF741ECEF]

---- Kernel code sections - GMER 1.0.15 ----

? mdbpa.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0055
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0029
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0044
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE000C
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0281000A
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0281006C
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02810F81
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02810F9E
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02810FAF
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02810036
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 028100A4
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0281007D
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 028100DA
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 028100BF
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 028100F5
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02810047
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02810FE5
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02810F5C
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02810025
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02810FD4
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02810F41
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 0270001B
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 02700F68
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 02700FCA
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 02700FDB
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 02700F83
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 02700000
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 02700F94
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 02700FAF
.text C:\WINDOWS\System32\svchost.exe[988] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[988] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026F0F97
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 026F0022
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026F0FC6
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026F0000
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026F0011
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026F0FD7
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 02550FEF
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 02550014
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 02550025
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 02550036
.text C:\WINDOWS\System32\svchost.exe[988] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 026E0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008F00A9
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008F008E
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008F0FB4
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008F0FD1
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008F0062
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008F0F72
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008F0F83
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008F0104
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008F00DF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008F011F
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008F007D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008F001B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008F00BA
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008F003D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008F002C
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008F0F61
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008E0FDE
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008E006F
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008E0FB2
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008E0FCD
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008E004A
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0038
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FAD
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D001D
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0FE3
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0FC8
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D000C
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 008C0FDE
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 008C0FCD
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 008C001E
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02390FEF
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02390F55
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0239004A
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0239002F
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02390F72
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02390FA8
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02390F27
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0239006F
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02390EEA
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02390EFB
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 023900A8
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02390F8D
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02390FD4
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02390F44
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02390FB9
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0239000A
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02390F0C
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 02380FC3
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 02380065
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 02380014
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 02380FDE
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 02380054
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 02380FEF
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 02380039
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 02380FB2
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0227003D
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 02270FB2
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02270011
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02270FEF
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02270022
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02270000
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 02250000
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 02250011
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 02250FDB
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 02250022
.text C:\WINDOWS\Explorer.EXE[1228] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02260FEF
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009F0F4E
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009F0F69
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009F0043
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009F0032
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009F0FA1
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009F0080
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009F006F
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009F0F02
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009F0F13
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009F00AC
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009F0F90
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009F005E
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009F0FB2
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!WinExec 7C86158D 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009F0091
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009E0F8D
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009E0025
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009E000A
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009E0F9E
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009E0FB9
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009E0040
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D0FBC
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D0FCD
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D0033
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0018
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 001B0000
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 001B001B
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 001B002C
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 001B003D
.text C:\WINDOWS\System32\svchost.exe[1296] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0000
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B00000
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B00F9E
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B00FAF
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B0007D
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B00FC0
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B00051
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B00F6B
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B00F7C
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B000DF
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B000C4
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B000F0
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B00062
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B00011
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B00FDB
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B00036
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B00F50
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00AF0025
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00AF0F94
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00AF0FD4
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00AF0051
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00AF0FB9
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00AF0040
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0F92
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE001D
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE0FB7
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE000C
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0FD2
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00AC0000
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00AC001B
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AD0000
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D0000
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009D0078
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009D0067
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009D0056
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009D002F
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009D0FA8
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009D0F46
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009D0F57
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009D0F2B
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009D00BA
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009D00D5
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009D0F8D
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009D0FDB
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009D0F68
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009D0FB9
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009D00A9
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008F0FDE
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008F0FA8
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008F002F
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008F0014
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008F0065
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008F0054
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008F0FCD
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E0FB7
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E0042
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0027
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0FD2
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E000C
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 008C0FD4
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 008C000A
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 008C0FAF
.text C:\WINDOWS\System32\svchost.exe[1588] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008D0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1812] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
JohnnyB
Regular Member
 
Posts: 30
Joined: June 4th, 2010, 11:50 am

Re: Virus? denying access to security websites and redirecti

Unread postby Airscape » June 8th, 2010, 9:58 pm

Hi :)


ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe ---- use Internet Explorer for this link -> right click and select "save target as"


**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Post the contents of that file in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logs/information to post in next reply:
  • C:\ComboFix.txt
  • C:\Qoobox\Add-Remove Programs.txt
  • How is the pc running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Unread postby JohnnyB » June 9th, 2010, 9:15 am

Hi:

The computer is doing some unusual things. This is my 3rd time trying to respond. The first message never appeared after submitting it, and the 2nd message disappeared as I was writing it. This time I am writing it in WORD and I’m going to try to quickly cut and paste it.

I downloaded ComboFix and the following message appeared in a small box:
The program GrpConv has registered the executable grpconv-o to run at start up. Do you wish to allow the change?

I left the box open since you did not mention it and I thought it may be a virus.

ComboFix installed Microsoft Windows Recovery Console and then ran the scan. The scan stopped and the following message appeared on a blue screen:

BAD_POOL_CALLER
Technical information
***STOP: 0x000000C2 (0x00000007, 0x00000CD4, 0x00000000, 0x80561BE4)
A problem has been detected and windows has been shut down to prevent damage to your computer.

Sorry for the bad news,
John

Re: Virus? denying access to security websites and redirecti

Unread postby JohnnyB » June 9th, 2010, 9:17 am

Also tried to run C:\Qoobox\Add-Remove Programs.txt and a box appeared with the message "Windows can not find C:\Qoobox\Add-Remove Programs.txt."

John

Re: Virus? denying access to security websites and redirecti

Unread postby Airscape » June 9th, 2010, 7:57 pm

OK, no problem.

Which security software do you use/active etc?



TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: only run this fix once.
  • Highlight and copy the text in the codebox below, Do not include the word Code:
    Code: Select all
    "%userprofile%\Desktop\TDSSKiller.exe" -v
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • A log file should be created on your C: drive named something like TDSSKiller 2.1.1 Dec 20 2009 02:40:02
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Application Check
  • Please download SecurityCheck.exe by screen317 from Here or Here and save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply with the TDSSKiller log.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Unread postby JohnnyB » June 11th, 2010, 9:28 am

Hi Airscape:

After running the TDSSKiller I was able to access security websites. This solved my original problem; I was unable to download Comcast's new security suite from Norton. At the time my computer was unprotected, as my McAfee subscription had expired. After I downloaded Norton it scanned the computer for about an hour and a half and found 6 "risks" which it fixed. The computer seems to be running well now and it is protected.

Thanks for all your help,
John
JohnnyB
Regular Member
 
Posts: 30
Joined: June 4th, 2010, 11:50 am

Re: Virus? denying access to security websites and redirecti

Unread postby Airscape » June 11th, 2010, 8:51 pm

If you still need help from me, please post the logs.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Unread postby JohnnyB » June 11th, 2010, 9:18 pm

Hi Airscape:

I don't know if the logs from Norton will help in working through other people's problems, but I've included them below.

Thanks again for your help,
John

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
6/11/2010 8:06 PM,High,stxmenumgr.exe (Trojan.Gen) detected by Virus scanner and Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 7:00 PM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Removed,Resolved - No Action
6/11/2010 7:00 PM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 7:00 PM,High,hki98945.exe (hki98945.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 12:51 PM,High,hki76833.exe (hki76833.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 11:00 AM,High,a0004373.dll (Trojan Horse) detected by Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 10:49 AM,High,hki69531.exe (hki69531.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 9:38 AM,Medium,a0004372.exe (CoreGuardAntivirus2009) detected by Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 9:38 AM,High,a0004372.exe (Trojan.FakeAV!gen30) detected by Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 8:48 AM,High,hki62259.exe (hki62259.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 6:47 AM,High,hki55014.exe (hki55014.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 4:47 AM,High,hki47779.exe (hki47779.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 4:47 AM,High,hki47748.exe (hki47748.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 1:48 AM,High,hki37017.exe (hki37017.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 12:55 PM,Low,to be lover billy idol [club mix].mp3 (Adware.ZangoSearch) detected by Virus scanner and Auto-Protect,Quarantined,Resolved - No Action
6/10/2010 11:29 AM,High,gjzebllu.dll (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 10:35 AM,High,dpnmodem32.dll (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 10:31 AM,High,amercia beautiful ray charles (new remix).au (Trojan.Brisv.A) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 10:01 AM,High,gotnewupdate000.exe (Trojan.FakeAV!gen30) detected by Virus scanner,Removed,Resolved - No Action
6/10/2010 9:59 AM,Medium,gotnewupdate000.exe (CoreGuardAntivirus2009) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 8:53 AM,High,amercia beautiful ray charles (new album).mp3 (Trojan.Brisv.A) detected by Auto-Protect,Quarantined,Resolved - No Action
6/10/2010 7:59 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Removed,Resolved - No Action
6/10/2010 7:58 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 7:58 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 7:57 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 7:39 AM,High,tvhs16xhl.com (tvhs16xhl.com) detected by SONAR,Quarantined,Resolved - No Action


Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action
6/11/2010 8:06 PM,High,stxmenumgr.exe (Trojan.Gen) detected by Virus scanner and Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 7:00 PM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 7:00 PM,High,hki98945.exe (hki98945.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 12:51 PM,High,hki76833.exe (hki76833.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 11:00 AM,High,a0004373.dll (Trojan Horse) detected by Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 10:49 AM,High,hki69531.exe (hki69531.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 9:38 AM,Medium,a0004372.exe (CoreGuardAntivirus2009) detected by Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 9:38 AM,High,a0004372.exe (Trojan.FakeAV!gen30) detected by Auto-Protect,Quarantined,Resolved - No Action
6/11/2010 8:48 AM,High,hki62259.exe (hki62259.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 6:47 AM,High,hki55014.exe (hki55014.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 4:47 AM,High,hki47779.exe (hki47779.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 4:47 AM,High,hki47748.exe (hki47748.exe) detected by SONAR,Quarantined,Resolved - No Action
6/11/2010 1:48 AM,High,hki37017.exe (hki37017.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 12:55 PM,Low,to be lover billy idol [club mix].mp3 (Adware.ZangoSearch) detected by Virus scanner and Auto-Protect,Quarantined,Resolved - No Action
6/10/2010 11:29 AM,High,gjzebllu.dll (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 10:35 AM,High,dpnmodem32.dll (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 10:31 AM,High,amercia beautiful ray charles (new remix).au (Trojan.Brisv.A) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 9:59 AM,Medium,gotnewupdate000.exe (CoreGuardAntivirus2009) detected by Virus scanner,Quarantined,Resolved - No Action
6/10/2010 8:53 AM,High,amercia beautiful ray charles (new album).mp3 (Trojan.Brisv.A) detected by Auto-Protect,Quarantined,Resolved - No Action
6/10/2010 7:58 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 7:58 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 7:57 AM,High,8a12u55x.exe (8a12u55x.exe) detected by SONAR,Quarantined,Resolved - No Action
6/10/2010 7:39 AM,High,tvhs16xhl.com (tvhs16xhl.com) detected by SONAR,Quarantined,Resolved - No Action
JohnnyB
Regular Member
 
Posts: 30
Joined: June 4th, 2010, 11:50 am

Re: Virus? denying access to security websites and redirecti

Unread postby Airscape » June 11th, 2010, 10:04 pm

The PC isn't clean yet. If you still need help, post the TDSSKiller and Security Check logs you ran previously; otherwise let me know.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Virus? denying access to security websites and redirecti

Unread postby JohnnyB » June 12th, 2010, 2:20 pm

Hi Airscape:

I thought the computer was clean after the Norton scan, but if you feel it is not I’ll take your advice. The logs are posted below.

Thanks for your help,
John


06:26:15:750 3440 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
06:26:15:750 3440 ================================================================================
06:26:15:750 3440 SystemInfo:

06:26:15:750 3440 OS Version: 5.1.2600 ServicePack: 2.0
06:26:15:750 3440 Product type: Workstation
06:26:15:750 3440 ComputerName: DDSQNL41
06:26:15:750 3440 UserName: Johnny Pants
06:26:15:750 3440 Windows directory: C:\WINDOWS
06:26:15:750 3440 Processor architecture: Intel x86
06:26:15:750 3440 Number of processors: 1
06:26:15:750 3440 Page size: 0x1000
06:26:15:765 3440 Boot type: Normal boot
06:26:15:765 3440 ================================================================================
06:26:16:156 3440 Initialize success
06:26:16:156 3440
06:26:16:156 3440 Scanning Services ...
06:26:16:718 3440 Raw services enum returned 357 services
06:26:16:718 3440
06:26:16:734 3440 Scanning Drivers ...
06:27:27:562 3440 redbook (2a799b1753939925a02ead10a57caa9f) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:27:27:562 3440 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 2a799b1753939925a02ead10a57caa9f, Fake md5: b31b4588e4086d8d84adbf9845c2402b
06:27:27:562 3440 File "C:\WINDOWS\system32\DRIVERS\redbook.sys" infected by TDSS rootkit ...
06:27:31:843 3440 Backup copy found, using it..
06:27:31:875 3440 will be cured on next reboot
06:27:42:796 3440 Reboot required for cure complete..
06:27:43:343 3440 Cure on reboot scheduled successfully
06:27:43:343 3440
06:27:43:343 3440 Completed
06:27:43:343 3440
06:27:43:343 3440 Results:
06:27:43:343 3440 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:27:43:343 3440 File objects infected / cured / cured on reboot: 1 / 0 / 1
06:27:43:343 3440
06:27:43:343 3440 KLMD(ARK) unloaded successfully

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

McAfee Security Scan
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Adobe Flash Player 10.0.45.2
Adobe Reader 8.2.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
JohnnyB
Regular Member
 
Posts: 30
Joined: June 4th, 2010, 11:50 am
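
A TDSSKiller log like the one posted above can be triaged mechanically. The Python below is an added example, not part of the original thread and not TDSSKiller's own code: it parses the record layout as it appears in the post (inferred from the posted lines only), tolerates two records fused onto one line by copy/paste, and cross-checks the flagged files against the tool's own Results totals. The redbook.sys lines in the sample are taken from the post; the two `exampledrv` driver lines are constructed.

```python
import re
from dataclasses import dataclass, field

# A record starts with "HH:MM:SS:mmm <id>". Records are located by this stamp
# rather than by newline, because forum copy/paste can fuse two onto one line.
STAMP = re.compile(r"(?<!\S)(\d{2}:\d{2}:\d{2}:\d{3}) (\d+)(?= |$)", re.M)
DRIVER = re.compile(r"^(\S.*?) \(([0-9a-f]{32})\) (\S.*)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
INFECTED = re.compile(r'^File "(.+?)" infected by TDSS rootkit')
RESULT = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)$"
)


@dataclass
class Finding:
    path: str
    real_md5: str = ""   # hashes exactly as the tool logged them
    fake_md5: str = ""
    infected: bool = False
    actions: list = field(default_factory=list)  # follow-up lines for this file


def records(text):
    """Yield (timestamp, message) pairs, splitting on stamps, not newlines."""
    marks = list(STAMP.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield cur.group(1), text[cur.end():end].strip()


def triage(text):
    """Summarise a TDSSKiller log: flagged files, totals, consistency."""
    drivers, findings, totals, current = 0, {}, {}, None
    for _stamp, msg in records(text):
        if not msg:
            continue
        if DRIVER.match(msg):
            drivers += 1
            current = None          # a new driver line ends any open finding
        elif m := FORGED.match(msg):
            current = findings.setdefault(m[1].lower(), Finding(m[1]))
            current.real_md5, current.fake_md5 = m[2], m[3]
        elif m := INFECTED.match(msg):
            current = findings.setdefault(m[1].lower(), Finding(m[1]))
            current.infected = True
        elif m := RESULT.match(msg):
            totals[m[1].lower()] = tuple(int(x) for x in m.group(2, 3, 4))
            current = None
        elif current is not None:
            current.actions.append(msg)   # e.g. "will be cured on next reboot"

    infected = [f for f in findings.values() if f.infected]
    pending = sum(t[2] for t in totals.values())
    return {
        "drivers_listed": drivers,
        "findings": list(findings.values()),
        "totals": totals,
        # The cure is only scheduled; the machine is not clean until it reboots.
        "reboot_pending": pending > 0,
        # A truncated or edited log shows up as a mismatch with the totals.
        "counts_consistent": "file" in totals
        and len(infected) == totals["file"][0],
    }


# Sample modelled on the posted log. The exampledrv lines are constructed.
SAMPLE_LOG = r"""
06:26:15:750 3440 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
06:26:16:734 3440 Scanning Drivers ...
06:26:17:000 3440 exampledrv1 (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\exampledrv1.sys
06:27:27:562 3440 redbook (2a799b1753939925a02ead10a57caa9f) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:27:27:562 3440 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 2a799b1753939925a02ead10a57caa9f, Fake md5: b31b4588e4086d8d84adbf9845c2402b
06:27:27:562 3440 File "C:\WINDOWS\system32\DRIVERS\redbook.sys" infected by TDSS rootkit ... 06:27:31:843 3440 Backup copy found, using it..
06:27:31:875 3440 will be cured on next reboot
06:27:32:000 3440 exampledrv2 (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\exampledrv2.sys
06:27:43:343 3440
06:27:43:343 3440 Results:
06:27:43:343 3440 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:27:43:343 3440 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for f in summary["findings"]:
        print(f.path, f.real_md5, f.fake_md5, f.actions)
    print(summary["totals"], summary["reboot_pending"], summary["counts_consistent"])
```
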