
please take a look at my hijack this log!


  • This topic is locked
12 replies to this topic

#1 darkness280

darkness280

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 26 June 2009 - 07:55 PM

I'm worried I might be infected with something so I'm here lookin for some help! Thanks in advance for any help you can give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:44 PM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71126
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Win32load] C:\Documents and Settings\Admin\Application Data\nSvcAppFlt.exe -lds
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09204385-CBB0-48B6-AFB0-5D089D0E4C22}: NameServer = 66.75.160.63,66.75.160.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3B0B25-2AAC-42C6-96FB-FFFC3F2DC970}: NameServer = 66.75.160.63,66.75.160.64
O17 - HKLM\System\CS1\Services\Tcpip\..\{09204385-CBB0-48B6-AFB0-5D089D0E4C22}: NameServer = 66.75.160.63,66.75.160.64
O17 - HKLM\System\CS2\Services\Tcpip\..\{09204385-CBB0-48B6-AFB0-5D089D0E4C22}: NameServer = 66.75.160.63,66.75.160.64
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0165721245720779) (0165721245720779mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016572~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11311 bytes



#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:05:56 PM

Posted 01 July 2009 - 11:19 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 darkness280

darkness280
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 02 July 2009 - 07:02 PM

There's nothing specifically wrong with my computer except that I'm worried I might have a keylogger or virus or something on my computer that I do not know of so I'm looking for some help. I've scanned my computer using McAfee and Ad-Aware but other than that nothing. I found nothing with both scans and I have scanned multiple times. Here is the DDS log you asked for.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 16:59:23.78 on Thu 07/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2311 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "d:\steam\steam.exe" -silent
uRun: [Win32load] c:\documents and settings\admin\application data\nSvcAppFlt.exe -lds
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {09204385-CBB0-48B6-AFB0-5D089D0E4C22} = 66.75.160.63,66.75.160.64
TCP: {ED3B0B25-2AAC-42C6-96FB-FFFC3F2DC970} = 66.75.160.63,66.75.160.64
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-1-28 46112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-26 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-26 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-26 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-28 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-26 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-26 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-26 40552]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-26 34216]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-27 22:20 <DIR> --d----- c:\program files\EVGA Precision
2009-06-21 10:07 189,072 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-17 17:48 <DIR> --d----- C:\Nexon
2009-06-16 21:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-06-16 21:57 204 a------- C:\Plugins
2009-06-16 21:56 <DIR> --d----- c:\program files\Pando Networks
2009-06-16 17:57 319 a------- c:\windows\game.ini
2009-06-14 18:13 <DIR> --d----- c:\program files\Ragnarok
2009-06-13 21:31 <DIR> --d----- c:\program files\SpeedFan
2009-06-13 21:31 45 a------- c:\windows\system32\initdebug.nfo
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 64,777 a------- c:\windows\system32\NvwsApps.xml
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll

==================== Find3M ====================

2009-06-22 22:03 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-06-22 21:40 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 09:19 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-16 17:58 22,328 a------- c:\docume~1\admin\applic~1\PnkBstrK.sys
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-05-23 13:16 682,280 a------- c:\windows\system32\pbsvc.exe
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-28 09:55 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-04-27 23:44 62,295 a------- c:\windows\War3Unin.dat
2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2008-07-13 21:26 0 a------- c:\program files\temp01

============= FINISH: 17:00:02.17 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:56 PM

Posted 04 July 2009 - 08:05 PM

Hi darkness280,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:56 PM

Posted 04 July 2009 - 08:10 PM

Hi darkness280,

The log looks clean. Let's run some scans to confirm that for you. :)

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop. Please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Then

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

And finally

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:
m0le is a proud member of UNITE

#6 darkness280

darkness280
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:56 PM

Posted 05 July 2009 - 02:25 AM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-05 00:24:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spqw.sys ZwCreateKey [0xB7EA80E0]
SSDT spqw.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spqw.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT spqw.sys ZwOpenKey [0xB7EA80C0]
SSDT spqw.sys ZwQueryKey [0xB7EC7108]
SSDT spqw.sys ZwQueryValueKey [0xB7EC6F88]
SSDT spqw.sys ZwSetValueKey [0xB7EC719A]

INT 0x62 ? 8B351BF8
INT 0x73 ? 8B351BF8
INT 0x73 ? 8B351BF8
INT 0x73 ? 8B354BF8
INT 0x73 ? 8B093F00
INT 0x73 ? 8B351BF8
INT 0x83 ? 8B093F00
INT 0x84 ? 8B093F00
INT 0xA4 ? 8B093F00
INT 0xB4 ? 8B093F00
INT 0xB4 ? 8B093F00
INT 0xB4 ? 8B093F00

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB3CA24EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB3CA2498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB3CA24AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB3CA259B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB3CA25C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB3CA252A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB3CA2661]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB3CA2470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB3CA2484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB3CA24FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB3CA2609]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB3CA25B1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB3CA2689]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB3CA2675]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB3CA24D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB3CA24C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB3CA2559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB3CA264B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB3CA2540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB3CA2514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80503FE8 7 Bytes JMP B3CA2518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP B3CA24EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP B3CA252E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP B3CA2544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E5E 7 Bytes JMP B3CA2502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C9D0A 5 Bytes JMP B3CA2474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C9F96 5 Bytes JMP B3CA2488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC754 5 Bytes JMP B3CA24C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2A 7 Bytes JMP B3CA24B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFAE0 5 Bytes JMP B3CA249C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0002 5 Bytes JMP B3CA24DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1232 5 Bytes JMP B3CA255D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80620536 5 Bytes JMP B3CA2679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620AB6 7 Bytes JMP B3CA264F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806212FC 7 Bytes JMP B3CA260D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621B54 7 Bytes JMP B3CA25B5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 806225BE 7 Bytes JMP B3CA259F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062278E 7 Bytes JMP B3CA25CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 80623D0E 5 Bytes JMP B3CA268D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623E28 5 Bytes JMP B3CA2665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spqw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B6DFE62C 5 Bytes JMP 8B0934E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 0126EDC0 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[180] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 025B0000
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 025B0F6F
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 025B0F94
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 025B0062
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 025B0047
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 025B0FCA
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 025B0F37
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 025B0F54
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 025B0F1C
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 025B00B5
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 025B00D0
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 025B0FA5
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 025B0011
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 025B007F
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 025B0FDB
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 025B002C
.text C:\WINDOWS\Explorer.EXE[320] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 025B009A
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00CA0028
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00CA005E
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00CA0FCD
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00CA0FA1
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00CA0FB2
.text C:\WINDOWS\Explorer.EXE[320] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00CA0039
.text C:\WINDOWS\Explorer.EXE[320] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C90056
.text C:\WINDOWS\Explorer.EXE[320] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C90FC1
.text C:\WINDOWS\Explorer.EXE[320] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C9000C
.text C:\WINDOWS\Explorer.EXE[320] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\Explorer.EXE[320] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C90027
.text C:\WINDOWS\Explorer.EXE[320] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\Explorer.EXE[320] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\Explorer.EXE[320] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00CB000A
.text C:\WINDOWS\Explorer.EXE[320] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00CB001B
.text C:\WINDOWS\Explorer.EXE[320] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00CB002C
.text C:\WINDOWS\Explorer.EXE[320] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F4B
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F5C
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0007007D
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F1A
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700A9
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00070F09
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00070098
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00060058
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00060F91
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 0006003D
.text C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\services.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050016
.text C:\WINDOWS\system32\services.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FB7
.text C:\WINDOWS\system32\services.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050F9C
.text C:\WINDOWS\system32\services.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[1068] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EF0F7C
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EF0F8D
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EF0F9E
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EF0051
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EF0F50
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EF0098
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EF00DF
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EF00CE
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00EF00FA
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00EF0FAF
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00EF0F6B
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00EF00A9
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00EE001B
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00EE0FA5
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00EE0FCA
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00EE0062
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00EE0051
.text C:\WINDOWS\system32\lsass.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00EE0036
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00ED0058
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00ED0022
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00ED0033
.text C:\WINDOWS\system32\lsass.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00ED0011
.text C:\WINDOWS\system32\lsass.exe[1080] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CA00AC
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CA0091
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CA0080
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CA004A
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CA00EE
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CA0F9C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CA00FF
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CA0F66
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CA0F4B
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CA0065
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CA00BD
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CA002F
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CA0F81
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C90054
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C90F97
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C90FB2
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C90039
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80022
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FAB
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FE3
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FC6
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B40080
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B40F8B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B40FA8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B4002F
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B40F64
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B400AC
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B40F24
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B40F35
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B400D8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B4004A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B4009B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B40014
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B40FC3
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B400BD
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00B3002C
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00B3007D
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00B30FE5
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00B30FB6
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00B30062
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00B30047
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B2004C
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20031
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B2000C
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FC1
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FDE
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02C8000A
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02C800B2
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02C800A1
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02C80090
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02C80069
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02C8003D
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02C800DE
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02C80FA2
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02C80F60
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02C800F9
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 02C80114
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02C8004E
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02C8001B
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02C800C3
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02C8002C
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02C80FDB
.text C:\WINDOWS\System32\svchost.exe[1488] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02C80F7B
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 02AF0FB2
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 02AF0F5A
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 02AF0FC3
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 02AF0FDE
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 02AF0F6B
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 02AF0FEF
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 02AF0F7C
.text C:\WINDOWS\System32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 02AF0F97
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02AE0F75
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!system 77C293C7 5 Bytes JMP 02AE000A
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02AE0FB5
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02AE0FE3
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02AE0F9A
.text C:\WINDOWS\System32\svchost.exe[1488] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02AE0FD2
.text C:\WINDOWS\System32\svchost.exe[1488] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02AD0FEF
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 02C70FEF
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 02C70000
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 02C70FD4
.text C:\WINDOWS\System32\svchost.exe[1488] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 02C70025
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00640F55
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00640F66
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00640F8D
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00640F9E
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00640036
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00640F1F
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00640067
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00640ECE
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00640EE9
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 0064008C
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00640F3A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00640F0E
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00630039
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00630FA1
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00630014

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spqw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spqw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spqw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spqw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spqw.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B3C41F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \FatCdrom 8AFB93F8
Device \FileSystem\Udfs \UdfsCdRom 8AF4F1F8
Device \FileSystem\Udfs \UdfsDisk 8AF4F1F8

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8B0901F8
Device \Driver\usbuhci \Device\USBPDO-1 8B0901F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3C61F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B3C61F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B3C61F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B3C61F8
Device \Driver\usbuhci \Device\USBPDO-2 8B0901F8
Device \Driver\usbehci \Device\USBPDO-3 8B0681F8
Device \Driver\usbuhci \Device\USBPDO-4 8B0901F8

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 8B0901F8
Device \Driver\usbuhci \Device\USBPDO-6 8B0901F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3521F8
Device \Driver\usbehci \Device\USBPDO-7 8B0681F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3521F8
Device \Driver\Cdrom \Device\CdRom0 8B04A1F8
Device \Driver\Cdrom \Device\CdRom1 8B04A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8B3511F8
Device \Driver\atapi \Device\Ide\IdePort0 8B3511F8
Device \Driver\atapi \Device\Ide\IdePort1 8B3511F8
Device \Driver\atapi \Device\Ide\IdePort2 8B3511F8
Device \Driver\atapi \Device\Ide\IdePort3 8B3511F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{ED3B0B25-2AAC-42C6-96FB-FFFC3F2DC970} 8A480288
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A480288
Device \Driver\NetBT \Device\NetbiosSmb 8A480288

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8B0901F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{09204385-CBB0-48B6-AFB0-5D089D0E4C22} 8A480288
Device \Driver\usbuhci \Device\USBFDO-1 8B0901F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4751F8
Device \Driver\usbuhci \Device\USBFDO-2 8B0901F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4751F8
Device \Driver\usbehci \Device\USBFDO-3 8B0681F8
Device \Driver\usbuhci \Device\USBFDO-4 8B0901F8
Device \Driver\Ftdisk \Device\FtControl 8B3521F8
Device \Driver\usbuhci \Device\USBFDO-5 8B0901F8
Device \Driver\usbuhci \Device\USBFDO-6 8B0901F8
Device \Driver\usbehci \Device\USBFDO-7 8B0681F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8B3C51F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8B3C51F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0 8B3C51F8
Device \FileSystem\Fastfat \Fat 8AFB93F8

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs 8AF523D0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x5B 0x88 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x5B 0x88 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x5B 0x88 0x6B ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Admin\Local Settings\Application Data\Opera\Opera\profile\cache4\opr02TDZ 460 bytes

---- EOF - GMER 1.0.15 ----

#7 darkness280


Posted 05 July 2009 - 02:36 AM

Malwarebytes' Anti-Malware 1.38
Database version: 2375
Windows 5.1.2600 Service Pack 2

7/5/2009 12:27:09 AM
mbam-log-2009-07-05 (00-27-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187964
Time elapsed: 1 hour(s), 28 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win32load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 darkness280


Posted 05 July 2009 - 04:12 AM

BitDefender Online Scanner

Scan report generated at: Sun, Jul 05, 2009 - 02:09:04

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics

Time: 01:23:58
Files: 334969
Folders: 7844
Boot Sectors: 0
Archives: 9256
Packed Files: 12857

Results

Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info

Virus Definitions: 3654112
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

No virus found.

Alright here are the ones you asked for. I wasn't sure how else to post this last one. I tried to delete a lot of the excess space so yeah. Thank you again.

Edited by darkness280, 05 July 2009 - 04:13 AM.


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:56 PM

Posted 05 July 2009 - 01:55 PM

It looks good to me darkness280, :thumbup2:

Any problems with the PC at the moment?

If not we can go to the final instructions.
m0le is a proud member of UNITE

#10 darkness280

Posted 05 July 2009 - 07:10 PM

Nope, there really isn't. I just got all paranoid for no reason so I came looking for some help. Thanks a lot for your help, I really appreciate it. Bring on the final instructions! :D

#11 m0le

Posted 05 July 2009 - 07:22 PM

Okay, you got 'em... :thumbup2:


Let's firstly do some housekeeping

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

Then close Firefox and then reopen it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the [image] icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big [image] button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it darkness280, happy surfing!

Cheers,


m0le

#12 darkness280

Posted 05 July 2009 - 11:03 PM

Thank you for all your help! You've been very helpful!

#13 m0le

Posted 11 July 2009 - 07:13 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



