Personal security pop up


19 replies to this topic

#1 dgtls

dgtls

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 AM

Posted 24 February 2010 - 10:39 AM

Hello, I have been getting Personal Security pop-ups stating that I have viruses and trojans on the system. I have scanned the system with McAfee, Malwarebytes, SUPERAntiSpyware and Microsoft Live Care; all the scans came out clean. But I keep getting "Message from webpage" Personal Security warnings about viruses and spyware on the system. Any ideas and suggestions, please? Thanks.

Edited by dgtls, 24 February 2010 - 10:43 AM.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,585 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:53 PM

Posted 24 February 2010 - 02:23 PM

As no logs have been posted, I am shifting this topic from the specialized Malware Removal forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 dgtls


Posted 24 February 2010 - 08:11 PM

Thanks for responding. I have been getting pop-ups from Personal Security malware stating that I have viruses and trojans on the system and I have no antivirus installed. I have fully updated McAfee Security Center. Sometimes I get "Message from webpage" stating system is not protected, different viruses and trojans found, then I get a red X mark at the bottom corner by the clock stating no security software found. Computer is used for online banking, so could you please advise me? Thanks.
This is exactly what I have: http://www.bleepingcomputer.com/virus-removal/remove-security-antivirus
I tried Malwarebytes and the scan didn't find anything.

#4 Elise


Posted 25 February 2010 - 02:50 AM

Did you update Malwarebytes before running a scan? This is very important; if you run an outdated version, it will not be able to pick up the latest threats.

regards, Elise


#5 dgtls


Posted 25 February 2010 - 08:53 AM

Yes, I did update it before scanning. It seems like every time I am on Yahoo checking my emails [random, not all the time], a window pops up. This morning as I logged in to the Yahoo email account [just logged in, didn't open anything yet], McAfee found a trojan and cleaned it. I have run McAfee, Malwarebytes, SUPERAntiSpyware, Kaspersky online scan, Windows Live safety center, and Windows Defender scans and all came out clean. If you can suggest anything else I will try. Thanks.

#6 Arctic

Arctic

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 AM

Posted 25 February 2010 - 08:57 AM

Just a suggestion for a secondary virus scanner.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
I can only help.. If i know what the problem is.

we never have time to do things right, but we always have time to do them again

LAWL

#7 dgtls


Posted 25 February 2010 - 09:52 AM

''No threats found '' ...thanks for the suggestion

#8 Elise


Posted 25 February 2010 - 09:53 AM

Hello, are you still having the popups at this point?

GMER
-------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise


#9 dgtls


Posted 25 February 2010 - 02:10 PM

Yes, I did get a pop-up when I booted first thing in the morning. I scanned it with GMER [Main Mirror]; it took almost 4 hrs and then when I went to save it, it froze [window not responding]. There were no rootkit warnings during the scan. Should I try it again? Thanks for all your help.

#10 Elise


Posted 25 February 2010 - 03:06 PM

Please try to run it with the "devices" box unchecked.

regards, Elise


#11 dgtls


Posted 25 February 2010 - 05:19 PM

Hi there, I tried the scan again; after almost 2 hrs I got a blue screen error [stop error memory dump].
Tried again, this time with devices unchecked; after 90 minutes or so it froze again.

#12 Elise


Posted 26 February 2010 - 05:34 AM

Okay, let's try this a little differently: please check ONLY "sections" and "services" and run the scan now. This should be a lot faster and most likely not crash.

regards, Elise


#13 dgtls


Posted 26 February 2010 - 11:07 AM

Hi there, strangely I have not seen any more pop-ups today. I did the scan and saved the log that gave me a fatal system error.
Here is the log:
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02660FCA
.text C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02660FAF
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F72
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650067
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065004A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F97
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650095
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650078
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650F17
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500B0
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650F06
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650F57
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F32
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0064006C
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FCA
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640051
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640FAF
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630F99
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FB4
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063002E
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FCF
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660F6B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660060
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F86
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660043
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660FA1
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F44
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0066008C
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600B1
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00660F22
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00660EF3
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660032
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660FDE
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0066007B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660FB2
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660FCD
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660F33
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650F8D
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640FBE
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640049
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0064002E
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FD9
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0064001D
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50F6D
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50F88
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50062
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50FAF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50047
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50F24
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50F35
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B500B3
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50098
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50EFF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50FC0
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50F5C
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50FDB
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B5002C
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50087
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B4002F
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40F94
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B40FA5
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B40051
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B40040
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B30F97
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B30022
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B30FB2
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0096
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE007B
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0FA1
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0FB2
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FCD
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00C2
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE00B1
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0109
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00F8
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE011A
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0054
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F86
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00D3
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093002C
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930087
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FDB
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0093006C
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930047
.text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA6
.text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB7
.text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920031
.text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FE3
.text C:\WINDOWS\system32\svchost.exe[1740] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1740] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[1740] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1740] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FE5
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F8B
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0080
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0065
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F5F
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F7A
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F29
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00C2
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00E7
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0054
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00A5
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A002F
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F44
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FB2
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F86
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FCD
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FDE
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290039
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FA1
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290028
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F75
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FAB
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0F90
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0011
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0022
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C003D
.text C:\WINDOWS\Explorer.EXE[2736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 019F0FEF

---- EOF - GMER 1.0.15 ----

#14 Elise


Posted 26 February 2010 - 12:44 PM

Hello again,

The GMER log looks clean.

TFC
--------
Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



SUPERANTISPYWARE
-----------------------------
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

regards, Elise


#15 dgtls


Posted 26 February 2010 - 02:20 PM

Hello again, thanks for all the help.
Here is the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/26/2010 at 02:11 PM

Application Version : 4.34.1000

Core Rules Database Version : 4620
Trace Rules Database Version: 2432

Scan type : Complete Scan
Total Scan Time : 01:09:53

Memory items scanned : 250
Memory threats detected : 0
Registry items scanned : 6230
Registry threats detected : 0
File items scanned : 44441
File threats detected : 61

Adware.Tracking Cookie



