Hello chryssi2001,
update mbam, and run it again
MBAM didn't find anything. Here's the report:
Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 5.1.2600 Service Pack 3
2009-01-17 15:12:34
mbam-log-2009-01-17 (15-12-34).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 140212
Time elapsed: 58 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
C:\WINDOWS\System32\TDDSmtvd.dat
This file doesn't exist. I ensured that my folder options included "Show System Files" and "Show hidden files". (I know that some rootkit files still can't be seen, but this is the best I know how to do.)
Then try to run Combofix again.
It failed in a manner identical to the last time, except there was no message about TDDSmtvd.dat.
Also run Gmer again, and post back the report.
OK. Here it is.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-17 15:58:33
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF0C539CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF0C53A61]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF0C53978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF0C5398C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF0C53A75]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF0C53AA1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF0C53B0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF0C53AF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF0C53A0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF0C53B3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF0C53A4D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF0C53950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF0C53964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF0C539DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF0C53B77]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF0C53AE3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF0C53ACD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF0C53A8B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF0C53B63]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF0C53B4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF0C539B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF0C539A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF0C53AB7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF0C53A39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF0C53B25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF0C53A20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF0C539F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP F0C539F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP F0C539CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP F0C53A0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP F0C53A24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP F0C539E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP F0C53954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP F0C53968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP F0C539A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP F0C53990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP F0C5397C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP F0C539BA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP F0C53A3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP F0C53AD1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP F0C53ABB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP F0C53B29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP F0C53AE7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP F0C53A8F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP F0C53A65 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP F0C53A79 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP F0C53AA5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP F0C53B13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP F0C53AFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP F0C53A51 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP F0C53B7B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP F0C53B53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP F0C53B67 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP F0C53B3F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F54
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0049
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 1 Byte [ E9 ]
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!LoadLibraryExW + 2 7C801AF7 3 Bytes [ E5, 99, 83 ]
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F65
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F26
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A006E
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0EFA
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0093
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00B8
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0011
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F43
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\explorer.exe[804] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F0B
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290FB9
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290036
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0029001B
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0029006C
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0029000A
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FD4
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\explorer.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029005B
.text C:\WINDOWS\explorer.exe[804] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 002C0FDB
.text C:\WINDOWS\explorer.exe[804] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 002C0000
.text C:\WINDOWS\explorer.exe[804] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 002C001D
.text C:\WINDOWS\explorer.exe[804] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 002C002E
.text C:\WINDOWS\explorer.exe[804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070076
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700BF
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700AE
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F52
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700EB
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 000700FC
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070091
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070FC3
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[1000] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700D0
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 26, 88 ]
.text C:\WINDOWS\system32\services.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[1000] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020F8B
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020076
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020065
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020054
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020FB2
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020F49
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0102009B
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F02
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01020F13
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010200B6
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01020043
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01020FEF
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01020F70
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01020FCD
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01020FDE
.text C:\WINDOWS\system32\lsass.exe[1012] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01020F2E
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01010FB9
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01010047
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01010FCA
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01010000
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01010036
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01010F94
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 21, 89 ]
.text C:\WINDOWS\system32\lsass.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0101001B
.text C:\WINDOWS\system32\lsass.exe[1012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F79
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90078
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F94
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90FA5
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F9003D
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90F57
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F68
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F1A
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F2B
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F90F09
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F90FB6
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F90011
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F90093
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90FDB
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F9002C
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F90F3C
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F8002F
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F8004A
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F80F97
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 18, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F80FC3
.text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0FC0
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0073
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F55
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F72
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00DA
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00C9
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BF00FF
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BF0058
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BF0F83
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BF00B8
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BE0076
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BE0065
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DE, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0198000A
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0198006C
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0198005B
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01980F77
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01980040
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01980FB9
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01980F50
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01980098
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01980F06
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01980F2B
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 019800C4
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01980F9E
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01980FEF
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01980087
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01980FCA
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01980025
.text C:\WINDOWS\System32\svchost.exe[1284] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 019800A9
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01970FB9
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01970040
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01970000
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01970FD4
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01970F83
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01970FE5
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01970F94
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ B7, 89 ]
.text C:\WINDOWS\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0197001B
.text C:\WINDOWS\System32\svchost.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0167000A
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 0168001B
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01680000
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 01680FD9
.text C:\WINDOWS\System32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 0168002C
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00810FEF
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00810073
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00810062
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00810F88
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00810051
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0081001B
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008100AB
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0081009A
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008100C6
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00810F37
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 008100E1
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00810036
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00810F63
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00810FAF
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00810FC0
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00810F48
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00800FA8
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00800F7C
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00800FC3
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00800FD4
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00800039
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00800FE5
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0080001E
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00800F97
.text C:\WINDOWS\system32\svchost.exe[1404] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80F7E
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80F8F
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80FAC
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80069
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80033
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80F46
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E8008E
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E800D5
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800C4
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E80F21
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E8004E
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E80F6D
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E80022
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E80011
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E800B3
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E70051
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E70FCA
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E7001B
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E70091
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E7006C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E70FE5
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00E50011
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00E50FD9
.text C:\WINDOWS\system32\svchost.exe[1432] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00E5002C
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F3A
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80F55
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80F66
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80F8D
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F13
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F8005B
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80EDD
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80EEE
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F80091
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F80011
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F80040
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F80FDB
.text C:\WINDOWS\System32\svchost.exe[2160] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F8006C
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F70F83
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F70FCA
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F70036
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 17, 89 ]
.text C:\WINDOWS\System32\svchost.exe[2160] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F7001B
.text C:\WINDOWS\System32\svchost.exe[2160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00B5
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A009A
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007D
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0062
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A002C
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F94
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A010B
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F68
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F4D
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00C6
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\dllhost.exe[3516] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F79
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A0FDB
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0F80
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A002C
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002A0FA5
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 4A, 88 ]
.text C:\WINDOWS\system32\dllhost.exe[3516] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0FB6
.text C:\WINDOWS\system32\dllhost.exe[3516] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F41
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F52
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F6F
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F09
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F26
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA008E
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA007D
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BA00A9
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BA0F8A
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[3576] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B90F8D
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B9001B
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B90040
.text C:\WINDOWS\system32\svchost.exe[3576] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[3576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0F94
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0089
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0FAF
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB006C
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB004A
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0F52
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F6F
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00E1
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB00C6
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CB00F2
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CB005B
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CB009A
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CB002F
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[3640] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CB00B5
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CA00A2
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CA007D
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CA006C
.text C:\WINDOWS\system32\svchost.exe[3640] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CA0FDB
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- EOF - GMER 1.0.14 ----
It does make me uneasy that ComboFix doesn't complete and give a report, but otherwise this looks much better.
Regards,
trags