Browser Hijack, Redirects from Searches Firefox and IE


  • This topic is locked
33 replies to this topic

#1 Docpluto

Posted 28 October 2009 - 01:19 PM

I am getting redirects from Google searches, both in Firefox and IE. It seems to also be slowing down my browsing. Seems to happen more when searching from the search tool located to the right of the address input.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Bret at 13:36:39.43 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.117 [GMT -4:00]

AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
FW: Total Protection Service *enabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Globe7\Globe7.exe
C:\Program Files\Globe7\PhoneResources\widgets\G7WidgetRT.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Documents and Settings\Bret\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://globalclientsolutions.com/Secure/Lo...ure%2fMain.aspx
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081217
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\eyebeam 1.5\eyeBeam.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.752.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bret\applic~1\mozilla\firefox\profiles\vxgbhrs8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://208.64.66.44/vicidial/admin.php
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\bret\application data\mozilla\firefox\profiles\vxgbhrs8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-12-17 14144]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-12-17 8960]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-12-17 175704]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-17 110080]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-12-17 11264]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-17 30192]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-12-17 16640]

=============== Created Last 30 ================

2009-10-28 15:56:47 0 d-----w- c:\docume~1\bret\applic~1\Globe7
2009-10-28 15:56:38 0 d-----w- c:\program files\Globe7
2009-10-27 16:11:46 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 16:11:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-26 19:54:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-10-26 19:52:11 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-26 17:49:49 0 d-----w- c:\windows\system32\Adobe
2009-10-24 14:48:20 0 d-----w- c:\program files\Trend Micro
2009-10-24 14:33:39 0 ----a-w- c:\windows\system32\2D.tmp
2009-10-22 18:29:40 0 d-----w- c:\program files\MozBackup
2009-10-22 15:42:49 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-22 01:29:27 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-22 01:29:13 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-10-22 01:29:13 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-10-22 00:33:31 0 d-----w- c:\docume~1\bret\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-21 23:32:59 0 d-----w- c:\docume~1\bret\applic~1\Malwarebytes
2009-10-21 23:32:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 23:32:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 23:32:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-21 23:32:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 23:07:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-21 23:07:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-21 23:07:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-21 23:07:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-21 23:07:58 0 d-----w- C:\a86206b2a31e1184fe
2009-10-21 23:06:36 0 d-sh--w- c:\documents and settings\bret\IECompatCache
2009-10-21 23:05:24 0 d-sh--w- c:\documents and settings\bret\PrivacIE
2009-10-21 22:44:51 0 d-sh--w- c:\documents and settings\bret\IETldCache
2009-10-21 21:23:13 0 d-----w- c:\windows\ie8updates
2009-10-21 21:22:36 0 dc-h--w- c:\windows\ie8
2009-10-21 21:20:44 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-21 21:20:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-21 21:20:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-21 21:20:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-21 21:20:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-21 21:20:41 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-21 21:20:35 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-21 19:49:53 0 d-----w- C:\Old Desktop
2009-10-21 19:48:40 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-21 16:27:47 188 ----a-w- c:\windows\hpbafd.ini
2009-10-21 16:20:52 0 d-----w- C:\lj30xx_3380pcl5ewinnt4
2009-10-21 16:12:08 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-21 16:12:08 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-20 22:48:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-20 22:23:27 376 ----a-w- c:\windows\ODBC.INI
2009-10-20 22:23:02 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-20 22:22:36 0 d-----w- c:\windows\ShellNew
2009-10-20 21:41:07 0 d-----w- c:\docume~1\bret\applic~1\LimeWire
2009-10-20 21:40:04 0 d-----w- c:\program files\LimeWire
2009-10-20 20:07:35 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-20 20:07:01 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-20 20:06:53 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-20 20:06:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-20 20:06:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-20 20:06:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-20 20:06:52 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-20 20:06:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-20 20:06:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-20 20:06:51 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-20 20:06:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-20 20:03:09 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-20 20:03:02 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-20 20:02:57 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-20 19:59:31 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-20 19:59:30 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-20 19:59:29 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-20 19:58:58 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-20 19:58:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-20 19:58:48 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-20 19:58:13 0 d-----w- c:\windows\system32\PreInstall
2009-10-20 17:10:56 0 d-----w- c:\docume~1\alluse~1\applic~1\CounterPath
2009-10-20 17:07:12 0 d-----w- c:\program files\CounterPath
2009-10-20 16:57:10 0 d-----w- c:\windows\pss
2009-10-20 16:54:48 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-20 16:52:58 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-10-20 16:52:50 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-20 16:52:44 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

==================== Find3M ====================

2009-10-20 22:32:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-20 22:32:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 13:37:15.53 ===============

#2 Net_Surfer

Posted 03 November 2009 - 05:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer


#3 Docpluto

Posted 03 November 2009 - 01:12 PM

This is the DDS from November 3rd. The problem is redirects from Google. I have run every spyware and hijack checker from safe mode with no results. HELP!


DDS (Ver_09-10-26.01) - NTFSx86
Run by Bret at 13:03:20.75 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1213 [GMT -5:00]

AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
FW: Total Protection Service *enabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Documents and Settings\Bret\Desktop\Spyware and Malware removal\dds.scr
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

============== Pseudo HJT Report ===============

uStart Page = https://globalclientsolutions.com/Secure/Lo...ure%2fMain.aspx
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081217
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\eyebeam 1.5\eyeBeam.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
StartupFolder: c:\docume~1\bret\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.752.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bret\applic~1\mozilla\firefox\profiles\vxgbhrs8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://208.64.66.44/vicidial/admin.php
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\bret\application data\mozilla\firefox\profiles\vxgbhrs8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-12-17 14144]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-12-17 8960]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-12-17 175704]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-17 110080]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-12-17 11264]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-17 30192]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-12-17 16640]

=============== Created Last 30 ================

2009-11-03 17:10:31 8192 ----a-w- c:\windows\Rpoint.exe
2009-11-03 02:03:11 0 d-----w- c:\docume~1\bret\applic~1\OpenOffice.org
2009-11-03 01:57:25 0 d-----w- c:\program files\JRE
2009-11-03 01:57:11 0 d-----w- c:\program files\OpenOffice.org 3
2009-11-02 18:38:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2009-11-02 18:09:43 256 ----a-w- c:\documents and settings\bret\pool.bin
2009-11-02 17:53:22 256 ----a-w- c:\windows\system32\pool.bin
2009-11-02 17:53:21 0 d-----w- c:\docume~1\bret\applic~1\Research In Motion
2009-11-02 17:53:01 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-11-02 17:52:27 0 d-----w- c:\program files\common files\Research In Motion
2009-11-02 17:52:25 0 d-----w- c:\program files\Research In Motion
2009-10-29 16:12:56 724992 ----a-w- c:\windows\iun6002.exe
2009-10-29 16:12:56 0 d-----w- C:\spywarebegone
2009-10-29 16:12:54 170 ----a-w- c:\windows\spywarebegone-fullversion-installed.html
2009-10-29 15:58:29 0 d-----w- c:\program files\Advanced Spyware Remover
2009-10-28 15:56:47 0 d-----w- c:\docume~1\bret\applic~1\Globe7
2009-10-28 15:56:38 0 d-----w- c:\program files\Globe7
2009-10-27 16:11:46 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 16:11:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-26 19:54:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-10-26 19:52:11 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-26 17:49:49 0 d-----w- c:\windows\system32\Adobe
2009-10-24 14:48:20 0 d-----w- c:\program files\Trend Micro
2009-10-24 14:33:39 0 ----a-w- c:\windows\system32\2D.tmp
2009-10-22 18:29:40 0 d-----w- c:\program files\MozBackup
2009-10-22 15:42:49 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-22 01:29:27 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-22 01:29:13 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-10-22 01:29:13 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-10-22 00:33:31 0 d-----w- c:\docume~1\bret\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-21 23:32:59 0 d-----w- c:\docume~1\bret\applic~1\Malwarebytes
2009-10-21 23:32:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 23:32:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 23:32:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-21 23:32:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 23:07:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-21 23:07:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-21 23:07:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-21 23:07:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-21 23:07:58 0 d-----w- C:\a86206b2a31e1184fe
2009-10-21 23:06:36 0 d-sh--w- c:\documents and settings\bret\IECompatCache
2009-10-21 23:05:24 0 d-sh--w- c:\documents and settings\bret\PrivacIE
2009-10-21 22:44:51 0 d-sh--w- c:\documents and settings\bret\IETldCache
2009-10-21 21:23:13 0 d-----w- c:\windows\ie8updates
2009-10-21 21:22:36 0 dc-h--w- c:\windows\ie8
2009-10-21 21:20:44 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-21 21:20:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-21 21:20:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-21 21:20:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-21 21:20:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-21 21:20:41 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-21 21:20:35 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-21 19:49:53 0 d-----w- C:\Old Desktop
2009-10-21 19:48:40 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-21 16:27:47 473 ----a-w- c:\windows\hpbafd.ini
2009-10-21 16:20:52 0 d-----w- C:\lj30xx_3380pcl5ewinnt4
2009-10-21 16:12:08 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-21 16:12:08 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-20 22:48:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-20 22:23:27 376 ----a-w- c:\windows\ODBC.INI
2009-10-20 22:23:02 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-20 22:22:36 0 d-----w- c:\windows\ShellNew
2009-10-20 21:41:07 0 d-----w- c:\docume~1\bret\applic~1\LimeWire
2009-10-20 21:40:04 0 d-----w- c:\program files\LimeWire
2009-10-20 20:07:35 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-20 20:07:01 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-20 20:06:53 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-20 20:06:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-20 20:06:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-20 20:06:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-20 20:06:52 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-20 20:06:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-20 20:06:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-20 20:06:51 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-20 20:06:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-20 20:03:09 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-20 20:03:02 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-20 20:02:57 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-20 19:59:31 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-20 19:59:30 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-20 19:59:29 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-20 19:58:58 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-20 19:58:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-20 19:58:48 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-20 19:58:13 0 d-----w- c:\windows\system32\PreInstall
2009-10-20 17:10:56 0 d-----w- c:\docume~1\alluse~1\applic~1\CounterPath
2009-10-20 17:07:12 0 d-----w- c:\program files\CounterPath
2009-10-20 16:57:10 0 d-----w- c:\windows\pss
2009-10-20 16:54:48 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-20 16:52:58 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-10-20 16:52:50 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-20 16:52:44 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

==================== Find3M ====================

2009-10-20 22:32:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-20 22:32:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 13:03:44.57 ===============





HijackThis was run with the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:33 PM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081217
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://globalclientsolutions.com/Secure/Lo...ure%2fMain.aspx
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9755 bytes




#4 schrauber


Posted 05 November 2009 - 03:54 PM

Hello, Docpluto
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 Docpluto


Posted 05 November 2009 - 07:03 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 18:59:41
Windows 5.1.2600 Service Pack 3
Running: z62gl1oi.exe; Driver: C:\DOCUME~1\Bret\LOCALS~1\Temp\agtoapoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x97E724BA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x97E72468]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x97E7247C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x97E724FA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x97E72440]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x97E72454]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x97E724CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x97E724A6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x97E72492]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x97E72529]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x97E72510]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x97E724E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP 97E724E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP 97E724BE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP 97E724FE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 3 Bytes JMP 97E72514 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection + 4 805B2E16 1 Byte [17]
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP 97E724D2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP 97E72444 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP 97E72458 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP 97E72496 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP 97E72480 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP 97E7246C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP 97E724AA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP 97E7252D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01780000
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01780F5E
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01780053
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01780F79
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01780F94
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0178002C
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017800B0
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01780089
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017800ED
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017800DC
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01780108
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01780FA5
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01780011
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01780078
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01780FC0
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01780FD1
.text C:\WINDOWS\Explorer.EXE[216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017800C1
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01660FCA
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01660F94
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01660FE5
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01660011
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01660FAF
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01660000
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01660051
.text C:\WINDOWS\Explorer.EXE[216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0166002C
.text C:\WINDOWS\Explorer.EXE[216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01650038
.text C:\WINDOWS\Explorer.EXE[216] msvcrt.dll!system 77C293C7 5 Bytes JMP 01650FAD
.text C:\WINDOWS\Explorer.EXE[216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0165001D
.text C:\WINDOWS\Explorer.EXE[216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01650000
.text C:\WINDOWS\Explorer.EXE[216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01650FC8
.text C:\WINDOWS\Explorer.EXE[216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01650FE3
.text C:\WINDOWS\Explorer.EXE[216] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01630000
.text C:\WINDOWS\Explorer.EXE[216] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01630FEF
.text C:\WINDOWS\Explorer.EXE[216] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01630FCA
.text C:\WINDOWS\Explorer.EXE[216] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01630FB9
.text C:\WINDOWS\Explorer.EXE[216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01640000
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070043
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F4E
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F6B
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F7C
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070080
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0007006F
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700A2
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070091
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070EEE
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070054
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F13
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006003D
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060095
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0006007A
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0006005F
.text C:\WINDOWS\system32\services.exe[816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0006004E
.text C:\WINDOWS\system32\services.exe[816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050042
.text C:\WINDOWS\system32\services.exe[816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\services.exe[816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FB7
.text C:\WINDOWS\system32\services.exe[816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90F44
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F5F
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90F7C
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90039
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90FB2
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C90F07
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C90F18
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C9008C
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C90071
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C9009D
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90F97
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C90F29
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C90014
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C90060
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C80FC0
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80F6F
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C8002C
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C80F94
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes CALL C89FEDE5
.text C:\WINDOWS\system32\lsass.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C80FAF
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70FB2
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70FC3
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70FDE
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70033
.text C:\WINDOWS\system32\lsass.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\lsass.exe[828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028D0FEF
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028D007D
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028D0058
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028D0F7E
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028D0047
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028D002C
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028D009F
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028D0F57
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028D00C4
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028D0F35
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028D00D5
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028D0FA5
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028D0FCA
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 028D008E
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 028D0011
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 028D0000
.text C:\WINDOWS\system32\wuauclt.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028D0F46
.text C:\WINDOWS\system32\wuauclt.exe[832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 028B003D
.text C:\WINDOWS\system32\wuauclt.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 028B0FB2
.text C:\WINDOWS\system32\wuauclt.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 028B0011
.text C:\WINDOWS\system32\wuauclt.exe[832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 028B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 028B0022
.text C:\WINDOWS\system32\wuauclt.exe[832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 028B0000
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 028C001B
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 028C0054
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 028C000A
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 028C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 028C0F97
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 028C0FE5
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 028C0FA8
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AC, 8A]
.text C:\WINDOWS\system32\wuauclt.exe[832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 028C0FB9
.text C:\WINDOWS\system32\wuauclt.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 028A000A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0246000A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02460F7E
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02460069
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02460058
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02460047
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02460036
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024600C4
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024600A9
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02460F35
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02460F46
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 024600DF
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02460FAF
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02460025
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02460098
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02460FCA
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02460FEF
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02460F57
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02450051
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02450087
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02450036
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0245001B
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02450076
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02450FD4
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [65, 8A]
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02450FE5
.text C:\WINDOWS\system32\svchost.exe[1040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0038
.text C:\WINDOWS\system32\svchost.exe[1040] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\svchost.exe[1040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\svchost.exe[1040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\svchost.exe[1040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FC1
.text C:\WINDOWS\system32\svchost.exe[1040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\svchost.exe[1040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80080
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F81
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80065
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FA8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8004A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F5F
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F70
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B800D3
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B800C2
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80F1F
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80091
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80025
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B80F44
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B7001E
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70FA8
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FCD
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70065
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B7004A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7002F
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60FA1
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FBC
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FD7
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B6002C
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60011
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B50000
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 032F0FEF
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 032F005B
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 032F004A
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 032F0F70
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 032F0F97
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 032F001E
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 032F0098
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 032F0087
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 032F00DF
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 032F00CE
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 032F0F35
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 032F002F
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 032F0FDE
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 032F006C
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 032F0FB2
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 032F0FCD
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 032F00B3
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 030B0011
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 030B0F87
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 030B0FC0
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 030B0FE5
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 030B004E
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 030B0000
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 030B003D
.text C:\WINDOWS\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 030B002C
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 028A0F97
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 028A0FB2
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 028A0018
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 028A0FEF
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 028A0FCD
.text C:\WINDOWS\System32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 028A0FDE
.text C:\WINDOWS\System32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02890000
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02880FEF
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0288000A
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02880025
.text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02880FD4
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008F000A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008F0069
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008F0058
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F0F7E
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008F0047
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008F0FC0
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008F00A9
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008F008E
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008F0F24
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008F0F35
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008F00D8
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008F0FAF
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008F0025
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008F0F63
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008F0036
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008F0F46
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008E0F8A
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008E0FCA
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008E0FA5
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008E003D
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008E002C
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D004B
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FC0
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D003A
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D001D
.text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0F41
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F5C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0F6D
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0036
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC006C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0051
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0098
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0EFF
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC00B3
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0F9E
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC0F30
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC0FCA
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC007D
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB002F
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0014
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB006C
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DB005B
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0F7F
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0F90
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0FC6
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0FAB
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0FE3
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0F6A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD005F
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0F85
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0044
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FAC
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F48
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0090
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F01
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F1C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0EF0
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0033
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0F59
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0022
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD0FD1
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD0F2D
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0F61
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0FD4
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003A0F72
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003A0FE5
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 003A0F8D
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5A, 88]
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003A000A
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0039002E
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 0039001D
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390FC8
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390FEF
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390FAD
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390000
.text C:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00370000
.text C:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00370011
.text C:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0037002C
.text C:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00370047
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00380FEF
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F8D
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0078
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB005B
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0F9E
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FC3
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB00BA
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB00A9
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB0F35
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB0F50
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB00E9
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB004A
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0F7C
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FDE
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB002F
.text C:\Program Files\Messenger\msmsgs.exe[3656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0F61
.text C:\Program Files\Messenger\msmsgs.exe[3656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F90069
.text C:\Program Files\Messenger\msmsgs.exe[3656] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F90FDE
.text C:\Program Files\Messenger\msmsgs.exe[3656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F90FEF
.text C:\Program Files\Messenger\msmsgs.exe[3656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F90000
.text C:\Program Files\Messenger\msmsgs.exe[3656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F90044
.text C:\Program Files\Messenger\msmsgs.exe[3656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F9001D
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0047
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA007D
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA0036
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA001B
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA006C
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA000A
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FA0FCA
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1A, 89]
.text C:\Program Files\Messenger\msmsgs.exe[3656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0FDB
.text C:\Program Files\Messenger\msmsgs.exe[3656] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F80000
.text C:\Program Files\Messenger\msmsgs.exe[3656] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EE0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3656] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EE0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3656] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EE0000
.text C:\Program Files\Messenger\msmsgs.exe[3656] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00EE0FB9

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat 96CDBD20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:52 PM

Posted 06 November 2009 - 01:58 PM

Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 schrauber


Posted 11 November 2009 - 02:21 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#8 schrauber


Posted 11 November 2009 - 03:49 PM

Reopened by user request.
regards,
schrauber


#9 Docpluto


Posted 12 November 2009 - 11:52 AM

Combofix.exe

This program freezes while conducting scans. HELP!

#10 schrauber


Posted 12 November 2009 - 03:12 PM

Hi,

Please delete your copy of Combofix from your desktop and download a fresh one. Please rename it before saving to the desktop!
regards,
schrauber


#11 Docpluto


Posted 16 November 2009 - 02:11 PM

I have run combo fix as requested. I have run it also in safe mode. It freezes and does not complete every single time. HELP!

#12 schrauber


Posted 16 November 2009 - 03:56 PM

Please download Sysprot Antirootkit from here

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.

regards,
schrauber


#13 Docpluto


Posted 16 November 2009 - 04:31 PM

Do you want me to disable any spyware and/or virus protection before doing this?

#14 schrauber


Posted 16 November 2009 - 04:46 PM

Hi,


Yes, please disable these programs.
regards,
schrauber


#15 Docpluto


Posted 16 November 2009 - 04:50 PM

This hijack seems to occur with firefox and google doing redirects.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 740
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 764
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 808
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 820
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1096
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1192
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1296
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1332
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1600
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1664
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\ramaint.exe
PID: 1764
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeIn.exe
PID: 1944
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 232
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.EXE
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxtray.exe
PID: 556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 564
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 584
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 640
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PID: 732
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PID: 720
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 892
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PID: 164
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PID: 1176
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PID: 1260
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
PID: 1652
Hidden: No
Window Visible: No

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 1836
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 1852
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 2204
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 2468
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 2524
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 2956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 464
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Bret\Desktop\Spyware and Malware removal\SysProt\SysProt\SysProt.exe
PID: 3444
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Bret\Desktop\Spyware and Malware removal\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9E19B000
Module End: 9E1A6000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9F79000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9F68000
Module End: B9F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9F49000
Module End: B9F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9F23000
Module End: B9F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA328000
Module End: BA32D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0C8000
Module End: BA0D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: B9E4A000
Module End: B9F23000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA0D8000
Module End: BA0E1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA0E8000
Module End: BA0F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: B9E2A000
Module End: B9E4A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9E18000
Module End: B9E2A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: BA5AE000
Module End: BA5B0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
Service Name: DRVMCDB
Module Base: B9E01000
Module End: B9E18000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA0F8000
Module End: BA101000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9DEA000
Module End: B9E01000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9D5D000
Module End: B9DEA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9D30000
Module End: B9D5D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9D16000
Module End: B9D30000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA128000
Module End: BA131000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Service Name: ialm
Module Base: B8B09000
Module End: B90CD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B8AF5000
Module End: B8B09000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA428000
Module End: BA42E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B8AD1000
Module End: B8AF5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA430000
Module End: BA438000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B8AA9000
Module End: B8AD1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Service Name: RTLE8023xp
Module Base: B8A8F000
Module End: B8AA9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: BA138000
Module End: BA148000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: B9CEA000
Module End: B9CEE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: BA148000
Module End: BA155000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA438000
Module End: BA43E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA158000
Module End: BA163000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BA168000
Module End: BA178000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BA178000
Module End: BA187000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B8A6C000
Module End: B8A8F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\lmimirr.sys
Service Name: lmimirr
Module Base: BA737000
Module End: BA738000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA738000
Module End: BA739000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: BA622000
Module End: BA624000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: BA440000
Module End: BA448000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BA188000
Module End: BA195000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B989C000
Module End: B989F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B8A55000
Module End: B8A6C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BA198000
Module End: BA1A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BA1A8000
Module End: BA1B4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA448000
Module End: BA44D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B8A44000
Module End: B8A55000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BA1B8000
Module End: BA1C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA450000
Module End: BA455000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA458000
Module End: BA45D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\RimSerial.sys
Service Name: RimVSerPort
Module Base: BA460000
Module End: BA467000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B8A14000
Module End: B8A44000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B915D000
Module End: B9167000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA468000
Module End: BA46E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA624000
Module End: BA626000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B89B6000
Module End: B8A14000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B9880000
Module End: B9884000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B4B88000
Module End: B4B92000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B4B68000
Module End: B4B77000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: B0E76000
Module End: B0E78000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: 9E68E000
Module End: 9EB40000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: 9E66A000
Module End: 9E68E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B4B58000
Module End: B4B67000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\IntcHdmi.sys
Service Name: IntcHdmiAddService
Module Base: 9E64A000
Module End: 9E66A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: B103E000
Module End: B1041000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA628000
Module End: BA62A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 96607000
Module End: 96608000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA62A000
Module End: BA62C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
Service Name: DLARTL_M
Module Base: 96193000
Module End: 96199000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 9618B000
Module End: 96192000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: 96183000
Module End: 96189000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA62C000
Module End: BA62E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA62E000
Module End: BA630000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 9617B000
Module End: 96180000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 96173000
Module End: 9617B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 96C48000
Module End: 96C4B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: 95707000
Module End: 9571A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: 956AE000
Module End: 95707000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfetdik.sys
Service Name: mfetdik
Module Base: 975FC000
Module End: 97608000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: 95688000
Module End: 956AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: 95660000
Module End: 95688000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 975EC000
Module End: 975F5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: 9563E000
Module End: 95660000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 975DC000
Module End: 975E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: 95613000
Module End: 9563E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: 955A3000
Module End: 95613000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Service Name: mfehidk
Module Base: 95570000
Module End: 955A3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: 96CE0000
Module End: 96CEB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 9616B000
Module End: 96173000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: 96C28000
Module End: 96C2B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 96CC0000
Module End: 96CC9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: 96163000
Module End: 9616A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: 96C60000
Module End: 96C70000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: 96C50000
Module End: 96C5F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
Service Name: NuidFltr
Module Base: 9615B000
Module End: 96162000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Service Name: ---
Module Base: 95FDA000
Module End: 95FE7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Service Name: Wdf01000
Module Base: 954F5000
Module End: 95570000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 96131000
Module End: 96134000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 9541C000
Module End: 954F5000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 957C3000
Module End: 957C6000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: 95950000
Module End: 95955000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: B02A5000
Module End: B02A6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Service Name: DRVNDDM
Module Base: B90FD000
Module End: B9108000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLADResM.SYS
Service Name: DLADResM
Module Base: BA790000
Module End: BA791000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: 953C3000
Module End: 953DC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: 95938000
Module End: 9593E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: B9CC2000
Module End: B9CC5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLABMFSM.SYS
Service Name: DLABMFSM
Module Base: 95930000
Module End: 95938000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: 95928000
Module End: 9592F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: 953AD000
Module End: 953C3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: 95396000
Module End: 953AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LANPkt.sys
Service Name: LANPkt
Module Base: B836B000
Module End: B836E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B835F000
Module End: B8363000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: 95341000
Module End: 9536E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\adfs.SYS
Service Name: adfs
Module Base: 95308000
Module End: 95319000
Hidden: No

Module Name: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
Service Name: LMIInfo
Module Base: B0DCA000
Module End: B0DCC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: 9528E000
Module End: 952E0000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Service Name: LMIRfsDriver
Module Base: 9E1EB000
Module End: 9E1F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: 95251000
Module End: 95266000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: 9E1BB000
Module End: 9E1CA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: 94782000
Module End: 947C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: 93C06000
Module End: 93C31000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\splitter.sys
Service Name: splitter
Module Base: B0D12000
Module End: B0D14000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: 93BE2000
Module End: 93C06000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: D32K5JC1:5152
Remote Address: LOCALHOST:1625
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: D32K5JC1:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: D32K5JC1:2002
Remote Address: LOCALHOST:1028
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: D32K5JC1:1033
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: D32K5JC1:1028
Remote Address: LOCALHOST:2002
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
State: ESTABLISHED

Local Address: D32K5JC1.WP.COMCAST.NET:2866
Remote Address: APP03.LOGMEINRESCUE-ENTERPRISE.COM:HTTPS
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: D32K5JC1.WP.COMCAST.NET:2609
Remote Address: GW-IN-F106.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
State: CLOSE_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1828
Remote Address: WWW-CS-MTC17.EVIP.AOL.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1798
Remote Address: 149.174.254.214:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1795
Remote Address: GW-IN-F148.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1791
Remote Address: 64.210.72.25:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1782
Remote Address: GX-IN-F106.1E100.NET:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1781
Remote Address: 8.17.64.40:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1774
Remote Address: GW-IN-F18.1E100.NET:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1770
Remote Address: PRODWEBMAIL-MTC04.EVIP.AOL.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1769
Remote Address: YI-IN-F113.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1768
Remote Address: YI-IN-F113.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1761
Remote Address: GW-IN-F101.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:1760
Remote Address: GX-IN-F106.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: D32K5JC1.WP.COMCAST.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: D32K5JC1:41763
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: LISTENING

Local Address: D32K5JC1:41762
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: LISTENING

Local Address: D32K5JC1:30735
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: LISTENING

Local Address: D32K5JC1:30734
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: LISTENING

Local Address: D32K5JC1:2002
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: LISTENING

Local Address: D32K5JC1:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: D32K5JC1:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: D32K5JC1:3174
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
State: NA

Local Address: D32K5JC1:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: D32K5JC1:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: D32K5JC1.WP.COMCAST.NET:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: D32K5JC1.WP.COMCAST.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: D32K5JC1.WP.COMCAST.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: D32K5JC1.WP.COMCAST.NET:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: D32K5JC1:41762
Remote Address: NA
Type: UDP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: NA

Local Address: D32K5JC1:30734
Remote Address: NA
Type: UDP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: NA

Local Address: D32K5JC1:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: D32K5JC1:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
State: NA

Local Address: D32K5JC1:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: D32K5JC1:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\LightningSand.CFD
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}
Status: Access denied



