
I know I'm infected AntiSpy Protector 2009


4 replies to this topic

#1 out4bounty


Posted 29 August 2009 - 10:55 PM

Hey guys, I got this the other day. Can't run ANY anti-spyware programs. I thought I deleted the program because the pop-ups stopped, but I'm still having problems loading any anti-spyware programs. Can someone check my scans? Thanks.



#2 out4bounty


Posted 29 August 2009 - 11:08 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 23:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xBA779000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB5C4F000 Size: 138368 File Visible: - Signed: -
Status: -

Name: AnyDVD.sys
Image Path: C:\WINDOWS\System32\Drivers\AnyDVD.sys
Address: 0xB93F9000 Size: 97408 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xBA731000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBAF50000 Size: 3072 File Visible: - Signed: -
Status: -

Name: aujasnkj.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\aujasnkj.sys
Address: 0xB2CDA000 Size: 84352 File Visible: No Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBADF2000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBACB8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA9F8000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBAA78000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA8E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA8D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBAAB8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5A2D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE04000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xBAD9C000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBAF3B000 Size: 4096 File Visible: - Signed: -
Status: -

Name: elagopro.sys
Image Path: C:\WINDOWS\system32\DRIVERS\elagopro.sys
Address: 0xBAC50000 Size: 28672 File Visible: - Signed: -
Status: -

Name: elaunidr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\elaunidr.sys
Address: 0xBAE20000 Size: 5376 File Visible: - Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Address: 0xBABD8000 Size: 16896 File Visible: - Signed: -
Status: -

Name: ElbyDelay.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyDelay.sys
Address: 0xBADE8000 Size: 4608 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB2BC7000 Size: 143360 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBAC80000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB94EF000 Size: 34944 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xBAB88000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xBA711000 Size: 128896 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBADF0000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA749000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xBA5D4000 Size: 10624 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xBA5C8000 Size: 9472 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E2000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB9411000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBAB98000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB2EF7000 Size: 262784 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBAA38000 Size: 52736 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBAA68000 Size: 41856 File Visible: - Signed: -
Status: -

Name: InCDfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDfs.SYS
Address: 0xB5D93000 Size: 102016 File Visible: - Signed: -
Status: -

Name: InCDPass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\InCDPass.sys
Address: 0xBACB0000 Size: 29440 File Visible: - Signed: -
Status: -

Name: InCDrec.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDrec.SYS
Address: 0xBAD50000 Size: 8704 File Visible: - Signed: -
Status: -

Name: incdrm.SYS
Image Path: C:\WINDOWS\System32\Drivers\incdrm.SYS
Address: 0xBACA8000 Size: 32640 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xBA968000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB5CC1000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB5D5E000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8A8000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBAC88000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBADA8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB16AC000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB93D6000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA6E8000 Size: 92544 File Visible: - Signed: -
Status: -

Name: L8042Kbd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
Address: 0xBA5D0000 Size: 13568 File Visible: - Signed: -
Status: -

Name: L8042mou.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
Address: 0xBAA48000 Size: 56064 File Visible: - Signed: -
Status: -

Name: lmimirr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lmimirr.sys
Address: 0xBAF4E000 Size: 3200 File Visible: - Signed: -
Status: -

Name: LMIRfsDriver.sys
Image Path: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Address: 0xB5A45000 Size: 40960 File Visible: - Signed: -
Status: -

Name: LMouKE.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
Address: 0xB9459000 Size: 71936 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xB30A0000 Size: 72576 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xBAB90000 Size: 28512 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xB5AE5000 Size: 194592 File Visible: - Signed: -
Status: -

Name: mfesmfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfesmfk.sys
Address: 0xB3122000 Size: 33760 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBADF4000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBAC90000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8B8000 Size: 42240 File Visible: - Signed: -
Status: -

Name: Mpfp.sys
Image Path: C:\WINDOWS\System32\Drivers\Mpfp.sys
Address: 0xB5CE2000 Size: 147456 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB35B4000 Size: 179584 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB5B15000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBABB8000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBAAF8000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB9D5D000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA600000 Size: 107904 File Visible: - Signed: -
Status: -

Name: MusCAudio.sys
Image Path: C:\WINDOWS\system32\drivers\MusCAudio.sys
Address: 0xBAAA8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: MusCVideo.sys
Image Path: C:\WINDOWS\system32\DRIVERS\MusCVideo.sys
Address: 0xBAF4F000 Size: 2688 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA61B000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB9D69000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB3AC1000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB8EAC000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBAB18000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA988000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB5C71000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBABC0000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA648000 Size: 574464 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBAF7A000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D5000 Size: 4497408 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB8EF9000 Size: 3934592 File Visible: - Signed: -
Status: -

Name: NVENETFD.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xBA938000 Size: 57856 File Visible: - Signed: -
Status: -

Name: nvnetbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xBAA98000 Size: 40960 File Visible: - Signed: -
Status: -

Name: NVNRM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xB92BA000 Size: 1163264 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB946B000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB30000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xBAE1E000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xBA768000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBAE70000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBAB28000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB8EC3000 Size: 139264 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xBAA28000 Size: 35328 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB8E9B000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBAB70000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA8F8000 Size: 35712 File Visible: - Signed: -
Status: -

Name: RaInfo.sys
Image Path: C:\Program Files\LogMeIn\x86\RaInfo.sys
Address: 0xBAE22000 Size: 6144 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBAD58000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBAAC8000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBAAD8000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBAAE8000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBAB78000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB5B84000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBADF6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBAA88000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB28BB000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB5DF4000 Size: 4448256 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA5CC000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBAA58000 Size: 64896 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA6FF000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB349A000 Size: 333184 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBADEA000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB3995000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB5D06000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBAB40000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBAB08000 Size: 40704 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xB2B16000 Size: 66176 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8E67000 Size: 209408 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBABA8000 Size: 31616 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBADEC000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBACA0000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA928000 Size: 57600 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xBAC98000 Size: 17024 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB9436000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xBABC8000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xBAD74000 Size: 15104 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBABA0000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8EE5000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA978000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBABE8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB3838000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xBABF0000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB5A95000 Size: 61440 File Visible: No Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBADAA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xBA6D5000 Size: 77568 File Visible: - Signed: -
Status: -




GMER 1.0.15.15077 [gamers.exe] - http://www.gmer.net
Rootkit scan 2009-08-29 22:46:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB5AFC9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB5AFCA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB5AFC958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB5AFC96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5AFCA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5AFCA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB5AFCAF4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB5AFCAD9]
Code 89F87B40 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB5AFC9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB5AFCB1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB5AFCA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB5AFC930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB5AFC944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB5AFC9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB5AFCB5A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB5AFCAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB5AFCAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5AFCA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB5AFCB46]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB5AFCB32]
Code 89FA221E ZwSaveKey
Code 8932F756 ZwSaveKeyEx
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB5AFC996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB5AFC982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB5AFCA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5AFCA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB5AFCB08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB5AFCA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB5AFC9D4]
Code 89F80A06 IofCallDriver
Code 892F36DE IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 89F80A0B
.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 892F36E3
.text ntkrnlpa.exe!ZwYieldExecution 80503FE8 7 Bytes JMP B5AFC9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B70064
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B70049
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B7002C
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B7001B
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B70F94
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B70F23
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B70075
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B70EF7
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B70F12
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B70EE6
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B70F79
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B70F4A
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B70FCA
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B70090
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A30014
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A30F7C
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A30FB9
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A30F97
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A30FE5
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A30FA8
.text C:\WINDOWS\system32\svchost.exe[448] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A3002F
.text C:\WINDOWS\system32\svchost.exe[448] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20FA1
.text C:\WINDOWS\system32\svchost.exe[448] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[448] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[448] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[448] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20011
.text C:\WINDOWS\system32\svchost.exe[448] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20FC6
.text C:\WINDOWS\system32\svchost.exe[448] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[448] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\svchost.exe[448] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00A0001E
.text C:\WINDOWS\system32\svchost.exe[448] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00A00FCD
.text C:\WINDOWS\system32\svchost.exe[448] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A10000
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[616] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[616] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[616] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013C0000
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 013C0F79
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 013C006E
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 013C0F94
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 013C0FAF
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 013C0FC0
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 013C009F
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 013C0F57
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 013C0F10
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 013C0F21
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 013C00C4
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 013C0051
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 013C0FDB
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 013C0F68
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 013C002C
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 013C001B
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 013C0F46
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 013B0022
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 013B0058
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 013B0011
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 013B0FE5
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 013B0F9B
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 013B0000
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 013B0FAC
.text C:\WINDOWS\system32\services.exe[748] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 013B0033
.text C:\WINDOWS\system32\services.exe[748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 013A0040
.text C:\WINDOWS\system32\services.exe[748] msvcrt.dll!system 77C293C7 5 Bytes JMP 013A0FAB
.text C:\WINDOWS\system32\services.exe[748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 013A0FCD
.text C:\WINDOWS\system32\services.exe[748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 013A0FEF
.text C:\WINDOWS\system32\services.exe[748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 013A0FBC
.text C:\WINDOWS\system32\services.exe[748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 013A0FDE
.text C:\WINDOWS\system32\services.exe[748] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\services.exe[748] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01020FEF
.text C:\WINDOWS\system32\services.exe[748] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01020FD4
.text C:\WINDOWS\system32\services.exe[748] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 0102002F
.text C:\WINDOWS\system32\services.exe[748] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01390000
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01210F30
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01210025
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01210F4B
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01210F68
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01210F94
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01210EF8
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0121004A
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01210091
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01210076
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 012100A2
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01210F83
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01210000
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01210F1F
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01210FAF
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01210FCA
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01210065
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01200FAF
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01200011
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01200FCA
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01200000
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01200F54
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01200FE5
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01200F79
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01200F94
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011F0F7A
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 011F0F8B
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011F0FC1
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011F0FE3
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011F0FA6
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011F0FD2
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 011E0000
.text C:\WINDOWS\system32\lsass.exe[760] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 011D0000
.text C:\WINDOWS\system32\lsass.exe[760] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 011D0FE5
.text C:\WINDOWS\system32\lsass.exe[760] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 011D001B
.text C:\WINDOWS\system32\lsass.exe[760] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 011D0036
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01170FEF
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01170F5F
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01170F70
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01170F8B
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01170FB2
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01170FC3
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01170080
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0117006F
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011700A5
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01170F0C
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 011700C0
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0117004A
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01170014
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01170F44
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01170025
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01170FDE
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01170F1D
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01120FB9
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01120F72
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01120FCA
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01120FE5
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01120F83
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01120000
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01120F94
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01120025
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01110058
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 01110FCD
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01110029
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01110FEF
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01110FDE
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0111000C
.text C:\WINDOWS\system32\svchost.exe[924] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 010F0FE5
.text C:\WINDOWS\system32\svchost.exe[924] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 010F0FD4
.text C:\WINDOWS\system32\svchost.exe[924] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 010F0FC3
.text C:\WINDOWS\system32\svchost.exe[924] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 010F0014
.text C:\WINDOWS\system32\svchost.exe[924] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01100FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[948] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E60090
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E6007F
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E60FA5
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E60FB6
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E6004E
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E60F76
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E600BE
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E60F54
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E600E3
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E60F39
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E60FC7
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E6001B
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E600A1
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E6003D
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E6002C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E60F65
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E5002C
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E50F94
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E50011
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E50FDB
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E50FA5
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E50047
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E50FC0
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1008] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1008] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E40033
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E40022
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E40FD7
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E40FB2
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E30000
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 029F000A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 029F0F5C
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 029F0047
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 029F0036
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 029F0F79
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 029F0FB9
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 029F0F26
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 029F0078
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 029F009A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 029F0089
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 029F0EF0
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 029F0F94
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 029F001B
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 029F0F41
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 029F0FCA
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 029F0FE5
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 029F0F0B
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 029D0FA8
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 029D0039
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 029D0FB9
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 029D0FD4
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 029D0F7C
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 029D0FEF
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 029D001E
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 029D0F97
.text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 029C0049
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!system 77C293C7 5 Bytes JMP 029C0038
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 029C0FE3
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 029C0000
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 029C0FC8
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 029C0011
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 025B0000
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 025B001B
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 025B0FE5
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 025B0036
.text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 025C000A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A300A4
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A30093
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A30062
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A300D5
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A30F83
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A300E6
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A30F57
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A3010B
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A30051
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A30F94
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A30FDB
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A30F72
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A20FA5
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A2000A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A20062
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A20047
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A20036
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10FA6
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10FB7
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FE3
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FD2
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A1001D
.text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00A00025
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F00091
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F00F92
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F00076
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F00065
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F00FC3
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F00F49
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F00F5A
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F000E2
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F000C7
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00F00F2E
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00F0004A
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F00FDE
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00F00F81
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00F0002F
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00F00014
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00F000B6
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00EF0014
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00EF0F86
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00EF0FC3
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00EF0043
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00EF0FA1
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00EF0FB2
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1440] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1440] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FA8
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE003D
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FDE
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FCD
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0018
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00C8001B
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00C80040
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00C80051
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B10064
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B10049
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B10F6F
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B10F80
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B10F9B
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B10F37
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B1007F
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B100AB
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B10090
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B10EF7
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B10022
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B10F54
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B10FB6
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B10F1C
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00B00F9E
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00B00FCA
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00B00FAF
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00B00051
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00B00036
.text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF0FC3
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF0FD4
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF003A
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF0029
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00AD0025
.text C:\WINDOWS\system32\svchost.exe[1568] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00AD0FD4
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B900AE
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B9009D
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B90082
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B9005B
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B900DC
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 7C801EEE 3 Bytes JMP 00B90F94
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA + 4 7C801EF2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B90119
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B90108
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B90F65
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B900BF
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B9002C
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B900ED
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00B80033
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00B80095
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00B80022
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00B80011
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00B8007A
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00B80069
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00B8004E
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70014
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70F7F
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FAB
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70F90
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FC6
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00B60FC3
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00B60014
.text C:\WINDOWS\system32\spoolsv.exe[1684] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[1684] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\A526DB98.x86.dll
.text C:\WINDOWS\Explorer.EXE[1976] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 023D0000
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 023D00A7
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 023D0096
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 023D0FB2
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 023D0065
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 023D0FDE
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 023D0F70
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 023D00C2
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 023D0F3D
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 023D0F4E
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 023D0F2C
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 023D0FC3
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 023D0025
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 023D0F97
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 023D004A
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 023D0FEF
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 023D0F5F
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 023C0FC3
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 023C0F8D
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 023C0FD4
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 023C0FEF
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 023C0040
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 023C0000
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 023C0F9E
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 023C002F
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01300FCF
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!system 77C293C7 5 Bytes JMP 0130005A
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0130002E
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01300000
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01300049
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0130001D
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00E50FD4
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00E50FB9
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00E50FA8
.text C:\WINDOWS\Explorer.EXE[1976] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001C0FE5
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001C0078
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001C0F79
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001C0047
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001C0036
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001C0F94
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001C00B0
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001C0F5E
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001C00D5
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001C0F3C
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001C0F21
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001C001B
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001C0FCA
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001C0089
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001C0000
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001C0FAF
.text C:\WINDOWS\System32\svchost.exe[3408] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001C0F4D
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A0F68
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A002F
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0F8D
.text C:\WINDOWS\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A0014
.text C:\WINDOWS\System32\svchost.exe[3408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0036
.text C:\WINDOWS\System32\svchost.exe[3408] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0025
.text C:\WINDOWS\System32\svchost.exe[3408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F0FC6
.text C:\WINDOWS\System32\svchost.exe[3408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0000
.text C:\WINDOWS\System32\svchost.exe[3408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0FAB
.text C:\WINDOWS\System32\svchost.exe[3408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0FE3
.text C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 007A001B
.text C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 007A002C
.text C:\WINDOWS\System32\svchost.exe[3408] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001C0F5F
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001C0054
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001C0F7A
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001C0039
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001C0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001C0F29
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001C0F3A
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001C008C
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001C0EF3
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001C0ED8
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001C0F97
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001C0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001C0065
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001C001E
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001C0FCD
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001C0F0E
.text C:\WINDOWS\system32\wuauclt.exe[3664] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F9C
.text C:\WINDOWS\system32\wuauclt.exe[3664] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0031
.text C:\WINDOWS\system32\wuauclt.exe[3664] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\system32\wuauclt.exe[3664] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[3664] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FB7
.text C:\WINDOWS\system32\wuauclt.exe[3664] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002B0040
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002B0079
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002B0FB2
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[3664] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3664] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3664] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 006A0000
.text C:\WINDOWS\system32\wuauclt.exe[3664] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 006A0FCA
.text C:\WINDOWS\system32\wuauclt.exe[3664] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 006A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3664] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00690000

---- User IAT/EAT - GMER 1.0.15 ----

IAT c:\program files\common files\mcafee\mna\mcnasvc.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT c:\program files\common files\mcafee\mna\mcnasvc.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1152] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1152] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\A526DB98.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\A526DB98.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\A526DB98.x86.dll (*** hidden *** ) @ c:\program files\common files\mcafee\mna\mcnasvc.exe [616] 0x35670000
Library \\?\globalroot\Device\__max++>\A526DB98.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1008] 0x35670000
Library \\?\globalroot\Device\__max++>\A526DB98.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1152] 0x35670000
Library \\?\globalroot\Device\__max++>\A526DB98.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1440] 0x35670000
Library \\?\globalroot\Device\__max++>\A526DB98.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1568] 0x35670000
Library \\?\globalroot\Device\__max++>\A526DB98.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1684] 0x35670000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmbvuccdtx.sys (*** hidden *** ) [SYSTEM] kbiwkmdbrnvvor <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor@imagepath \systemroot\system32\drivers\kbiwkmbvuccdtx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmbvuccdtx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmgeeaafyq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmyodoffdb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmnenocuwe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdbrnvvor\modules@kbiwkm.dat \systemroot\system32\kbiwkmgoxujdsm.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor@imagepath \systemroot\system32\drivers\kbiwkmbvuccdtx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmbvuccdtx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmgeeaafyq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmyodoffdb.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmnenocuwe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmdbrnvvor\modules@kbiwkm.dat \systemroot\system32\kbiwkmgoxujdsm.dat

---- Files - GMER 1.0.15 ----

File C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\PanelHelperBaseLocalized.qtr 3072 bytes executable
File C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\nb.lproj\CoreVideoLocalized.qtr 3072 bytes executable

---- EOF - GMER 1.0.15 ----

#3 Blade

  • Site Admin

Posted 29 August 2009 - 11:59 PM

Hello out4bounty and :thumbsup: to BleepingComputer.

Yeah. . . you've got a nasty little rootkit on your machine. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just posted), as well as a log generated by this special utility.

~Blade

Edited by Blade Zephon, 29 August 2009 - 11:59 PM.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

#4 out4bounty

  • Topic Starter

Posted 30 August 2009 - 10:31 AM

thanks for the reply

#5 Blade

  • Site Admin

Posted 30 August 2009 - 04:22 PM

No problem :thumbsup: Sorry I couldn't do more for you; this infection is incredibly advanced.

~Blade
