Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

browser keeps getting redirected

Post by *alphagalaxy* » July 8th, 2010, 9:05 am

When I Google and select my result, I get redirected to another site.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:02:44, on 08/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 1303 bytes
*alphagalaxy*
Regular Member
 
Posts: 24
Joined: June 26th, 2010, 10:20 am

Re: browser keeps getting redirected

Post by MWR 3 day Mod » July 11th, 2010, 10:55 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: browser keeps getting redirected

Post by deltalima » July 13th, 2010, 3:40 pm

Hi alphagalaxy,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

The HijackThis log that you posted is very short. Have you already used HijackThis to remove any lines? Please post a new HijackThis log.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
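
The question in the reply above (is the log short because lines were removed?) can be asked of any HijackThis log with a quick triage pass. This is an added example, not part of the thread and not HijackThis code; the function names and the `MIN_ENTRIES` threshold are assumptions, and the sample is an abridged copy of the log from the first post.

```python
"""Triage summary for a HijackThis log (added example, not HijackThis code)."""
import re
from collections import Counter

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "O23 - Service: ..."
FOOTER_RE = re.compile(r"^End of file - (\d+) bytes$")

# Assumption of this example, not a HijackThis rule: below this many entry
# lines, ask whether entries were fixed or removed before the log was saved.
MIN_ENTRIES = 5
WINDOWS_DIR = "c:\\windows\\"

# Abridged copy of the log in the first post (process list shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:02:44, on 08/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 1303 bytes
"""


def parse_hijackthis(text):
    """Split a HijackThis log into header fields, processes and entries."""
    parsed = {"header": {}, "processes": [], "entries": [], "declared_bytes": None}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        footer = FOOTER_RE.match(line)
        if entry:
            parsed["entries"].append((entry.group(1), entry.group(2)))
        elif footer:
            parsed["declared_bytes"] = int(footer.group(1))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            parsed["processes"].append(line)
        else:
            key, sep, value = line.partition(": ")
            if sep:                       # "Platform: ...", "Boot mode: ..."
                parsed["header"][key] = value
    return parsed


def review(parsed):
    """Summarise entry groups and list processes no entry accounts for."""
    entries = parsed["entries"]
    groups = Counter(code for code, _ in entries)
    entry_text = " ".join(detail.lower() for _, detail in entries)
    # Processes outside the Windows directory whose path appears in no entry.
    # User-started programs (the browser, HijackThis itself) land here too,
    # so this is a list of things to explain, not a list of findings.
    no_launch_point = [
        proc for proc in parsed["processes"]
        if not proc.lower().startswith(WINDOWS_DIR)
        and proc.lower() not in entry_text
    ]
    return {
        "groups": dict(groups),
        "sparse": len(entries) < MIN_ENTRIES,
        "no_launch_point": no_launch_point,
        "declared_bytes": parsed["declared_bytes"],
    }


if __name__ == "__main__":
    result = review(parse_hijackthis(SAMPLE_LOG))
    print("entry groups:", result["groups"])
    print("sparse log:", result["sparse"])
    for proc in result["no_launch_point"]:
        print("no launch entry for:", proc)
```

A sparse result is a prompt for the helper's question about removed lines, not a verdict on the machine.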

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 2:40 am

3Connect
Adobe Flash Player 10 ActiveX
Agere Systems AC'97 Modem
CCleaner
HiJackThis
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
HP Quick Launch Buttons 6.30 J1
Huawei modem
Intel(R) Graphics Media Accelerator Driver for Mobile
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
SoundMAX
Texas Instruments PCIxx21/x515/xx12 drivers.
ThreatFire
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Windows Installer 3.1 (KB893803)


This is my son's laptop and I don't know if he did anything with the HijackThis. I am doing this for him now; I have had the unfortunate task of going through similar before. I thank you for your help, Deltalima.
*alphagalaxy*
Regular Member
 
Posts: 24
Joined: June 26th, 2010, 10:20 am

Re: browser keeps getting redirected

Post by deltalima » July 14th, 2010, 5:16 am

Hi alphagalaxy,

No anti-virus

Looking over your log, it seems you have Threatfire but no traditional antivirus. Threatfire is intended to be run in addition to a normal antivirus.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:05 am

OTL Extras logfile created on: 14/07/2010 11:03:40 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.53 Gb Free Space | 84.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-28756B4A3B
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-117609710-1454471165-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"CCleaner" = CCleaner
"Huawei Modems" = Huawei modem
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/06/2010 21:03:32 | Computer Name = USER-28756B4A3B | Source = Application Error | ID = 1000
Description = Faulting application guardgui.exe, version 10.0.1.7, faulting module
ccavscanex.dll, version 10.0.33.2, fault address 0x0002d7e2.

Error - 17/06/2010 21:19:25 | Computer Name = USER-28756B4A3B | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.3676, fault address 0x0002c428.

Error - 17/06/2010 21:20:29 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 17/06/2010 21:20:29 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt>
with error: The connection with the server was terminated abnormally

Error - 17/06/2010 21:20:29 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 17/06/2010 21:20:29 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 17/06/2010 21:20:29 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt>
with error: This network connection does not exist.

Error - 17/06/2010 21:20:29 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 18/06/2010 13:18:06 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 18/06/2010 13:18:06 | Computer Name = USER-28756B4A3B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 08/06/2010 18:17:00 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 08/06/2010 18:17:00 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 08/06/2010 18:25:35 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 08/06/2010 18:25:35 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 08/06/2010 20:54:09 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 08/06/2010 20:54:09 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 09/06/2010 13:23:11 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 09/06/2010 13:23:11 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 09/06/2010 20:28:15 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 09/06/2010 20:28:15 | Computer Name = USER-28756B4A3B | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

< End of report >
*alphagalaxy*
Regular Member
 
Posts: 24
Joined: June 26th, 2010, 10:20 am

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:06 am

OTL logfile created on: 14/07/2010 11:03:40 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.53 Gb Free Space | 84.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-28756B4A3B
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (BecHelperService) -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-1454471165-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-117609710-1454471165-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 10:37:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 10:37:41 | 000,000,000 | ---D | M]

[2010/06/22 09:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/22 09:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jg715xxy.default\extensions
[2010/06/22 12:48:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-1454471165-839522115-500\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1454471165-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/19 11:21:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ddb0baa-5a0c-11df-8f27-0015002dcf7b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ddb0baa-5a0c-11df-8f27-0015002dcf7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ddb0baa-5a0c-11df-8f27-0015002dcf7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{afe7a080-5ad9-11df-8f29-0015002dcf7b}\Shell - "" = AutoRun
O33 - MountPoints2\{afe7a080-5ad9-11df-8f29-0015002dcf7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afe7a080-5ad9-11df-8f29-0015002dcf7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ca3a12dc-634a-11df-8f38-0015002dcf7b}\Shell - "" = AutoRun
O33 - MountPoints2\{ca3a12dc-634a-11df-8f38-0015002dcf7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca3a12dc-634a-11df-8f38-0015002dcf7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/14 07:42:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/08 13:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/08 13:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/26 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/25 20:48:55 | 000,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/06/25 20:48:55 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/06/25 20:48:55 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/06/25 20:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/06/25 20:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/24 02:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/06/22 12:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/22 12:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/22 09:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2010/06/22 09:56:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/06/22 09:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/16 12:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/14 11:00:49 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/14 11:00:49 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/14 11:00:49 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/14 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/07/14 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/07/14 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/07/14 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/07/14 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/07/14 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/07/14 10:55:29 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/14 10:55:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/14 10:55:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/14 07:42:25 | 001,609,728 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/14 07:42:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/14 07:42:19 | 006,411,552 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/14 07:36:08 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/07/14 07:29:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 08:49:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/08 14:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/07/08 14:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/07/08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/07/08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/07/08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/07/08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/07/06 10:24:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/07/06 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/07/06 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/07/06 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/07/06 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/07/06 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/07/06 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/07/06 02:24:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/07/06 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/07/06 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/07/06 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/07/06 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/07/06 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/07/06 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/07/06 01:24:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/07/05 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/07/05 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/07/05 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/07/05 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/07/05 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/07/05 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/07/05 00:41:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/07/05 00:40:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/07/05 00:32:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5gdc88.dat
[2010/07/05 00:31:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/07/05 00:27:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/06/29 18:24:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/06/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/06/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/06/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/06/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/06/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/06/29 03:24:02 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/06/27 17:24:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/26 15:24:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/26 15:04:08 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/26 15:01:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/06/26 15:01:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/06/26 15:01:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/06/26 15:01:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/06/26 15:01:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/06/26 15:00:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/06/26 14:15:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/26 08:15:41 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ThreatFire.lnk
[2010/06/26 08:12:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/06/26 08:12:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/06/26 08:12:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/06/26 08:12:36 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/26 08:12:35 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/06/26 08:12:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/06/25 20:48:58 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/06/24 02:17:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/06/24 02:17:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/06/24 02:17:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/06/24 02:17:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/06/24 02:17:55 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/06/23 01:48:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/06/23 01:48:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/06/23 01:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/23 01:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/22 12:48:58 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/22 12:48:58 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/06/22 12:31:29 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/26 15:23:37 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/06/26 08:15:41 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ThreatFire.lnk
[2010/06/25 20:48:58 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/06/25 20:03:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/06/24 02:37:07 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/06/24 02:37:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/06/23 17:32:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/06/23 01:57:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/06/22 12:48:58 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/22 12:48:58 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/06/22 12:37:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/06/22 12:34:12 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5gdc88.dat
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/06/22 12:34:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/06/22 12:31:29 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/06/22 11:53:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/07 20:19:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2004/08/04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
*alphagalaxy*
Regular Member
 
Posts: 24
Joined: June 26th, 2010, 10:20 am

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:12 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-14 11:45:13
Windows 5.1.2600 Service Pack 2
Running: dpcb8ry7.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfpyqfow.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF8411A1C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF8411C10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF8411CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF841190C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF8411E52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF8413B30]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF8500994]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[276] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[276] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\WINDOWS\system32\spoolsv.exe[276] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\spoolsv.exe[276] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[276] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\spoolsv.exe[276] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C1, 70]
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[276] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [15, 71]
.text C:\WINDOWS\system32\spoolsv.exe[276] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\spoolsv.exe[276] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\spoolsv.exe[276] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\spoolsv.exe[276] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\spoolsv.exe[276] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\spoolsv.exe[276] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\spoolsv.exe[276] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\spoolsv.exe[276] ws2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\spoolsv.exe[276] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\spoolsv.exe[276] ws2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\spoolsv.exe[276] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\spoolsv.exe[276] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\spoolsv.exe[276] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A4000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[336] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\SCardSvr.exe[336] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[336] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[336] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [16, 71]
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\SCardSvr.exe[336] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]

to be continued...

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:14 am

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[712] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[712] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\winlogon.exe[864] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenProcessToken 77DD796B 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenProcessToken + 5 77DD7970 1 Byte [70]
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [19, 71]
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\winlogon.exe[864] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\winlogon.exe[864] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\winlogon.exe[864] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\winlogon.exe[864] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C1, 70]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2A, 71]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [15, 71]
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\services.exe[912] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\services.exe[912] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A4000A
*alphagalaxy*
Regular Member
 
Posts: 24
Joined: June 26th, 2010, 10:20 am

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:15 am

.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenProcessToken 77DD796B 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenProcessToken + 5 77DD7970 1 Byte [70]
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\winlogon.exe[864] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [19, 71]
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\winlogon.exe[864] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\winlogon.exe[864] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\winlogon.exe[864] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\winlogon.exe[864] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\winlogon.exe[864] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C1, 70]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2A, 71]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[912] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [15, 71]
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\services.exe[912] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\services.exe[912] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\services.exe[912] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\services.exe[912] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C1, 70]
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2A, 71]
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [15, 71]
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\lsass.exe[924] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\lsass.exe[924] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\lsass.exe[924] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\lsass.exe[924] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\lsass.exe[924] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\lsass.exe[924] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\lsass.exe[924] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\lsass.exe[924] wininet.dll!InternetOpenUrlW
*alphagalaxy*

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:17 am

.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7125000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7137000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7134000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7140000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 711F000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711C000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7143000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B0000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AD000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7146000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714C000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7149000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 705F000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7131000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C5000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712E000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C1, 70]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7062000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2A, 71]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7077000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7074000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7071000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707A000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 7119000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C8000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7128000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713D000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [15, 71]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ws2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ws2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A7000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1004] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C1, 70]
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2A, 71]
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [15, 71]
.text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\svchost.exe[1096] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\svchost.exe[1096] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\svchost.exe[1096] ws2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\svchost.exe[1096] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\svchost.exe[1096] ws2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\svchost.exe[1096] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[1096] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\svchost.exe[1096] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:21 am

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1756] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1756] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1756] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1756] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1756] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1756] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1756] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B0000A
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B1000A
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7060000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7132000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712F000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C2, 70]
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7063000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2B, 71]
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7078000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7075000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7072000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707B000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 711A000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7156000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C9000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 7159000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7129000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713E000A
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1792] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [16, 71]
.text C:\WINDOWS\Explorer.EXE[1792] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A
.text C:\WINDOWS\Explorer.EXE[1792] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\Explorer.EXE[1792] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A
.text C:\WINDOWS\Explorer.EXE[1792] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A
.text C:\WINDOWS\Explorer.EXE[1792] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A
.text C:\WINDOWS\Explorer.EXE[1792] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7157000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 715A000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [16, 71]
.text C:\WINDOWS\system32\drwtsn32.exe[1836] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ws2_32.dll!send 71AB428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ws2_32.dll!recv 71AB615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\drwtsn32.exe[1836] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\drwtsn32.exe[1836] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\drwtsn32.exe[1836] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:22 am

.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A3000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704F000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7070000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706D000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A0000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7052000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705B000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7055000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709A000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7097000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708E000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7091000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7067000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706A000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7094000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!SetWindowTextW 77D4BADE 6 Bytes JMP 7061000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 7133000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 70C7000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 7130000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [C3, 70]
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!SetWindowTextA 77D4DC5A 6 Bytes JMP 7064000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!GetKeyboardState 77D4EF35 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!GetKeyboardState + 4 77D4EF39 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!DrawTextW 77D4FF89 6 Bytes JMP 7079000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!CreateWindowExA 77D5190B 6 Bytes JMP 7076000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!CreateWindowExW 77D51AD5 6 Bytes JMP 7073000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!DrawTextA 77D65D61 6 Bytes JMP 707C000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 711B000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 7157000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 70CA000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 715A000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 712A000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 713F000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [17, 71]
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7145000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B2000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AF000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7148000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714E000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714B000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] wininet.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A9000A
.text C:\Documents and Settings\Administrator\My Documents\Downloads\dpcb8ry7.exe[3100] wininet.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A6000A

---- User IAT/EAT - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

Device -> \Driver\atapi \Device\Harddisk0\DR0 82E61EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\dllcache\msidntld.dll (size mismatch) 512029/14848 bytes executable
File C:\WINDOWS\system32\drivers\pci.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Re: browser keeps getting redirected

Post by *alphagalaxy* » July 14th, 2010, 8:23 am

Also, I have my own Antivir Premium that I pay for but it won't install; I get an error message saying there was an error during the download.

Thank you.

Re: browser keeps getting redirected

Post by deltalima » July 14th, 2010, 8:28 am

Hi alphagalaxy,

Also, I have my own Antivir Premium that I pay for but it won't install; I get an error message saying there was an error during the download.

OK, you have a rootkit that may be interfering with the download. Let's fix that first, then we can install Antivir later.

TDSSKiller

  • Please download TDSSKiller.exe and save it on your desktop.
  • Important: only run this fix once.
  • Double-click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 13.06.2010
  • To find the log, click Start > Computer > C:.
  • Please post the contents of that log in your next reply.