HijackThis log: Please help diagnose


  • This topic is locked
6 replies to this topic

#1 rjm0723

rjm0723

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 18 April 2010 - 01:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:41 PM, on 4/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
C:\Program Files\ITunes\iTunesHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\ITunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rmcmur01\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://synapse.carolinas.org
O15 - Trusted Zone: http://*.carolinas.org
O15 - Trusted Zone: http://apcsympmsc01.carolinas.org
O15 - Trusted Zone: http://apcsympw01.carolinas.org
O15 - Trusted Zone: http://bhcsympmsc01.carolinas.org
O15 - Trusted Zone: http://blueridge-intranet.carolinas.org
O15 - Trusted Zone: http://chsapps.carolinas.org
O15 - Trusted Zone: http://cmcsympmsc01.carolinas.org
O15 - Trusted Zone: http://cmcsympw01.carolinas.org
O15 - Trusted Zone: http://crmcsympmsc01.carolinas.org
O15 - Trusted Zone: http://dcr-crncm-ms-01.carolinas.org
O15 - Trusted Zone: http://dcr-pvapp-2k-01.carolinas.org
O15 - Trusted Zone: http://dcr-pvapp-ms-01.carolinas.org
O15 - Trusted Zone: http://dcr-pvtst-2k-01.carolinas.org
O15 - Trusted Zone: http://dcr-pvtst-ms-01.carolinas.org
O15 - Trusted Zone: http://idxflow.carolinas.org
O15 - Trusted Zone: http://idxflowbr.carolinas.org
O15 - Trusted Zone: http://infosource.carolinas.org
O15 - Trusted Zone: http://Magic.carolinas.org
O15 - Trusted Zone: http://Magicreports.carolinas.org
O15 - Trusted Zone: http://Magicrpt.carolinas.org
O15 - Trusted Zone: http://Magictest.carolinas.org
O15 - Trusted Zone: http://Magictsd.carolinas.org
O15 - Trusted Zone: http://mmgsymp.carolinas.org
O15 - Trusted Zone: http://ncmpsympmsc01.carolinas.org
O15 - Trusted Zone: http://pvlsympmsc01.carolinas.org
O15 - Trusted Zone: http://sdexpress.carolinas.org
O15 - Trusted Zone: http://sdexpress2.carolinas.org
O15 - Trusted Zone: http://synapse.carolinas.org
O15 - Trusted Zone: http://transchartweb.carolinas.org
O15 - Trusted Zone: http://unvsympmsc01.carolinas.org
O15 - Trusted Zone: http://webapps.carolinas.org
O15 - Trusted Zone: *.carolinas.org
O15 - Trusted Zone: http://*.carolinas.org
O15 - Trusted Zone: http://*.synapse
O15 - Trusted Zone: http://apcsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://apcsympw01.carolinas.org (HKLM)
O15 - Trusted Zone: http://bhcsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://blueridge-intranet.carolinas.org (HKLM)
O15 - Trusted Zone: http://chsapps.carolinas.org (HKLM)
O15 - Trusted Zone: http://cmcsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://cmcsympw01.carolinas.org (HKLM)
O15 - Trusted Zone: http://crmcsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://dcr-crncm-ms-01.carolinas.org (HKLM)
O15 - Trusted Zone: http://dcr-pvapp-2k-01.carolinas.org (HKLM)
O15 - Trusted Zone: http://dcr-pvapp-ms-01.carolinas.org (HKLM)
O15 - Trusted Zone: http://dcr-pvtst-2k-01.carolinas.org (HKLM)
O15 - Trusted Zone: http://dcr-pvtst-ms-01.carolinas.org (HKLM)
O15 - Trusted Zone: http://idxflow.carolinas.org (HKLM)
O15 - Trusted Zone: http://idxflowbr.carolinas.org (HKLM)
O15 - Trusted Zone: http://infosource.carolinas.org (HKLM)
O15 - Trusted Zone: http://Magic.carolinas.org (HKLM)
O15 - Trusted Zone: http://Magicreports.carolinas.org (HKLM)
O15 - Trusted Zone: http://Magicrpt.carolinas.org (HKLM)
O15 - Trusted Zone: http://Magictest.carolinas.org (HKLM)
O15 - Trusted Zone: http://Magictsd.carolinas.org (HKLM)
O15 - Trusted Zone: http://mmgsymp.carolinas.org (HKLM)
O15 - Trusted Zone: http://ncmpsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://pvlsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://sdexpress.carolinas.org (HKLM)
O15 - Trusted Zone: http://sdexpress2.carolinas.org (HKLM)
O15 - Trusted Zone: http://synapse.carolinas.org (HKLM)
O15 - Trusted Zone: http://transchartweb.carolinas.org (HKLM)
O15 - Trusted Zone: http://unvsympmsc01.carolinas.org (HKLM)
O15 - Trusted Zone: http://webapps.carolinas.org (HKLM)
O15 - Trusted Zone: http://*.carolinas.org (HKLM)
O15 - Trusted Zone: http://*.synapse (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Carolinas.org
O17 - HKLM\Software\..\Telephony: DomainName = Carolinas.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Carolinas.org
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\USBDLM\USBDLM.exe

--
End of file - 12238 bytes




#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:50 PM

Posted 23 April 2010 - 11:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 rjm0723

rjm0723
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 24 April 2010 - 07:31 AM

DDS (Ver_10-03-17.01) - NTFSx86
Run by RMCMUR01 at 8:25:14.75 on Sat 04/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.324 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k netsvc6
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
C:\Program Files\ITunes\iTunesHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\rmcmur01\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rmcmur01\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rmcmur01\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rmcmur01\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rmcmur01\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>;*.local
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\rmcmur01\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: carolinas.org
Trusted Zone: carolinas.org\*
Trusted Zone: carolinas.org\apcsympmsc01
Trusted Zone: carolinas.org\apcsympw01
Trusted Zone: carolinas.org\bhcsympmsc01
Trusted Zone: carolinas.org\blueridge-intranet
Trusted Zone: carolinas.org\chsapps
Trusted Zone: carolinas.org\cmcsympmsc01
Trusted Zone: carolinas.org\cmcsympw01
Trusted Zone: carolinas.org\crmcsympmsc01
Trusted Zone: carolinas.org\dcr-crncm-ms-01
Trusted Zone: carolinas.org\dcr-ipl-ms-01
Trusted Zone: carolinas.org\dcr-pvapp-2k-01
Trusted Zone: carolinas.org\dcr-pvapp-ms-01
Trusted Zone: carolinas.org\dcr-pvtst-2k-01
Trusted Zone: carolinas.org\dcr-pvtst-ms-01
Trusted Zone: carolinas.org\idxflow
Trusted Zone: carolinas.org\idxflowbr
Trusted Zone: carolinas.org\infosource
Trusted Zone: carolinas.org\iplannet
Trusted Zone: carolinas.org\Magic
Trusted Zone: carolinas.org\Magicreports
Trusted Zone: carolinas.org\Magicrpt
Trusted Zone: carolinas.org\Magictest
Trusted Zone: carolinas.org\Magictsd
Trusted Zone: carolinas.org\mmgsymp
Trusted Zone: carolinas.org\ncmpsympmsc01
Trusted Zone: carolinas.org\pvlsympmsc01
Trusted Zone: carolinas.org\sdexpress
Trusted Zone: carolinas.org\sdexpress2
Trusted Zone: carolinas.org\securemail
Trusted Zone: carolinas.org\synapse
Trusted Zone: carolinas.org\transchartweb
Trusted Zone: carolinas.org\unvsympmsc01
Trusted Zone: carolinas.org\webapps
Trusted Zone: dcr-ipl-ms-01
Trusted Zone: iplannet
Trusted Zone: scribe.com
Trusted Zone: scribe.com\transportal
Trusted Zone: synapse
Trusted Zone: winmt.com\edict
Trusted Zone: carolinas.org
Trusted Zone: carolinas.org\apcsympmsc01
Trusted Zone: carolinas.org\apcsympw01
Trusted Zone: carolinas.org\bhcsympmsc01
Trusted Zone: carolinas.org\blueridge-intranet
Trusted Zone: carolinas.org\chsapps
Trusted Zone: carolinas.org\cmcsympmsc01
Trusted Zone: carolinas.org\cmcsympw01
Trusted Zone: carolinas.org\crmcsympmsc01
Trusted Zone: carolinas.org\dcr-crncm-ms-01
Trusted Zone: carolinas.org\dcr-ipl-ms-01
Trusted Zone: carolinas.org\dcr-pvapp-2k-01
Trusted Zone: carolinas.org\dcr-pvapp-ms-01
Trusted Zone: carolinas.org\dcr-pvtst-2k-01
Trusted Zone: carolinas.org\dcr-pvtst-ms-01
Trusted Zone: carolinas.org\idxflow
Trusted Zone: carolinas.org\idxflowbr
Trusted Zone: carolinas.org\infosource
Trusted Zone: carolinas.org\iplannet
Trusted Zone: carolinas.org\Magic
Trusted Zone: carolinas.org\Magicreports
Trusted Zone: carolinas.org\Magicrpt
Trusted Zone: carolinas.org\Magictest
Trusted Zone: carolinas.org\Magictsd
Trusted Zone: carolinas.org\mmgsymp
Trusted Zone: carolinas.org\ncmpsympmsc01
Trusted Zone: carolinas.org\pvlsympmsc01
Trusted Zone: carolinas.org\sdexpress
Trusted Zone: carolinas.org\sdexpress2
Trusted Zone: carolinas.org\securemail
Trusted Zone: carolinas.org\synapse
Trusted Zone: carolinas.org\transchartweb
Trusted Zone: carolinas.org\unvsympmsc01
Trusted Zone: carolinas.org\webapps
Trusted Zone: dcr-ipl-ms-01
Trusted Zone: iplannet
Trusted Zone: scribe.com
Trusted Zone: scribe.com\transportal
Trusted Zone: synapse
Trusted Zone: winmt.com\edict
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
LSA: Authentication Packages = msv1_0 TivoliAP
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rmcmur01\applic~1\mozilla\firefox\profiles\byus8qux.default\
FF - plugin: c:\documents and settings\rmcmur01\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\rmcmur01\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2009-10-20 7168]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-1 64288]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-10-20 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-10-20 35456]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R1 NEOFLTR_650_14599;Juniper Networks TDI Filter Driver (NEOFLTR_650_14599);c:\windows\system32\drivers\NEOFLTR_650_14599.SYS [2009-11-4 77608]
R1 o6ko;Object Shell Smart Space Thumbnail WMP Changer Packet Networking;c:\windows\system32\drivers\o6ko.sys [2004-1-18 32768]
R1 TGRAB;Tivoli Remote Control Text Grabber;c:\windows\system32\tgrab.sys [2008-8-19 8288]
R2 CITMDRV;CITMDRV;c:\windows\system32\drivers\CITMDRV.SYS [2009-10-29 10752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-1-27 54608]
R2 srvoko6;Office Workstation Remote;c:\windows\system32\svchost.exe -k netsvc6 [2003-3-31 14336]
R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2007-2-14 116224]
R3 Eqnmirdd;Eqnmirdd;c:\windows\system32\drivers\Eqnmirdd.sys [2009-10-28 6172]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2009-10-20 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-10-20 5632]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2009-10-20 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 KeyEx2;Tivoli Remote Control Keyboard Filter;c:\windows\system32\drivers\KEYEX2.SYS [2009-10-28 5837]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-10-28 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-10-28 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-10-28 177864]
R3 MouEx2;Tivoli Remote Control Pointer Filter;c:\windows\system32\drivers\MOUEX2.SYS [2009-10-28 4638]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-4 311568]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-10-19 13568]
S4 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2009-10-28 184320]
S4 TME10RC;Tivoli Remote Control Service;c:\windows\RCSERV.EXE [2009-10-28 77824]
S4 TRCTARGET;IBM Tivoli Remote Control - Target;c:\program files\ibm\tivoli\remote control\target\trc_base.exe [2008-8-19 344576]

=============== Created Last 30 ================

2010-04-11 19:30:17 0 d-----w- c:\program files\iPod
2010-04-11 19:29:58 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-11 19:22:15 0 d-----w- c:\program files\Bonjour
2010-03-25 21:51:29 737280 ----a-w- c:\windows\iun6002.exe
2010-03-25 21:51:28 0 d-----w- c:\program files\2010 ALSO Syllabus

==================== Find3M ====================

2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-28 01:54:47 15880 ----a-w- c:\windows\system32\lsdelete.exe

============= FINISH: 8:26:29.26 ===============


#4 rjm0723

rjm0723
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 24 April 2010 - 07:54 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 08:42:30
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\rmcmur01\LOCALS~1\Temp\pgrirpow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF762D87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF762DBFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA8E7D22D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA8E7D257]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA8E7D1C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA8E7D1ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA8E7D281]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA8E7D197]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA8E7D241]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA8E7D1D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA8E7D219]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA8E7D297]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA8E7D26B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BD8 805037D8 2 Bytes [7E, D8] {JLE 0xffffffffffffffda}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F10 80503B10 2 Bytes [FE, DB]
.text ntkrnlpa.exe!ZwYieldExecution 80503DBC 7 Bytes JMP A8E7D26F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577E5E 5 Bytes JMP A8E7D231 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B09CE 7 Bytes JMP A8E7D285 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B17DC 5 Bytes JMP A8E7D29B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6DA2 7 Bytes JMP A8E7D245 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFA1C 5 Bytes JMP A8E7D25B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1170 5 Bytes JMP A8E7D21D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621A6E 7 Bytes JMP A8E7D1DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 806224D8 7 Bytes JMP A8E7D1C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 806226A8 7 Bytes JMP A8E7D1F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806233DE 5 Bytes JMP A8E7D19B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\o6ko.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[208] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 009F0FE5
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[208] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 009F0FAD
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[208] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 009F0FD4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[208] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 009F0000
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[612] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 009F0FE5
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[612] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 009F0FAD
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[612] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 009F0FD4
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[612] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 009F0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BB0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BB0F4D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BB0F68
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BB0F79
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BB0F94
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BB002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BB006E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BB005D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BB0EFA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BB0093
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00BB00A4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00BB0FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00BB000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00BB0F3C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00BB0FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00BB001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00BB0F15
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BA0040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BA0087
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BA0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BA0014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BA0076
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BA0FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BA0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BA0051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90044
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90029
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90018
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B80000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 009F0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 009F0FAD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 009F0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070067
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0007004C
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070082
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F3C
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F04
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F15
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 000700AE
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00070F4D
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0005004E
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050033
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD7
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050022
.text C:\WINDOWS\system32\services.exe[1128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00060076
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[1128] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070060
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F61
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0007003B
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F0E
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F35
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070EF3
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0007008C
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 000700A7
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00070F50
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070071
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0006008A
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0006006F
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060FCD
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060054
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0005004C
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FC1
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\lsass.exe[1140] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\lsass.exe[1140] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00840FEF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0084009D
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0084008C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0084006F
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00840FB2
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00840039
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008400DC
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008400BF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0084012D
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0084011C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80AC28 2 Bytes JMP 00840148
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress + 3 7C80AC2B 2 Bytes [03, 84]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00840054
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00840FDE
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008400AE
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00840028
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00840FCD
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008400F7
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00830FB9
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00830076
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00830FCA
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0083000A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00830065
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0083004A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00830FE5
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0083002F
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00820F86
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00820FA1
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00820011
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00820000
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00820FB2
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00820FD7
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00810FEF
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009E0071
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009E0060
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009E0039
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009E0F7C
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009E0FA1
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009E0F3A
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009E0082
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009E0F0E
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009E0F1F
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 009E0EFD
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 009E0028
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 009E0F57
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 009E0FB2
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 009E009D
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009D0FCD
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009D0040
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009D0025
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009D008A
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009D0065
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009C0031
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes JMP 009C0016
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009C0FB7
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009C0FE3
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009C0FA6
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009C0FD2
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 029F0FEF
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 029F004A
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 029F0F5F
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 029F0F70
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 029F0F8D
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 029F0FA8
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 029F0078
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 029F0F30
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 029F0ED5
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 029F0EFA
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 029F0EBA
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 029F002F
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 029F0FD4
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 029F005B
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 029F0FB9
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 029F000A
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 029F0F0B
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 029E0FC3
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 029E004A
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 029E0FD4
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 029E0014
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 029E002F
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 029E0F83
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 029E0FEF
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 029E0FA8
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 029D0031
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 029D0F9C
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 029D0FC8
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 029D0000
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 029D0FAD
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 029D0FE3
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 026A0000
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 029C0000
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 029C0FD4
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 029C0FE5
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 029C0027
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00900F69
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00900F7A
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00900054
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00900F97
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00900F20
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00900F31
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009000A5
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00900094
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 009000B6
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00900F4E
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00900083
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008F0FCA
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008F0F8D
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008F001B
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008F0FE5
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008F004A
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008F0FA8
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008F0FB9
.text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E0029
.text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00730FEF
.text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 00740FB9
.text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 00740FCA
.text C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 0074000C
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C90F8B
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C90076
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C90065
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C90FA8
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C9004A
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C90F5F
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C9009B
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C90F3A
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C900D3
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00C900EE
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00C9000A
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00C90F70
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00C9002F
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00C900C2
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C80014
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C80F83
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C80FC3
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C80FD4
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C80036
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C80F9E
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C80025
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70FB9
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70FD4
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70029
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70044
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70018
.text C:\WINDOWS\System32\svchost.exe[1560] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FE5
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A005D
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A0042
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0F68
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0F79
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A0FB9
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A00B0
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A0089
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A00E6
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A00CB
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008A0F32
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008A0F94
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008A0000
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008A006E
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008A0025
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008A0FCA
.text C:\WINDOWS\System32\svchost.exe[1568] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008A0F4D
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00890FD4
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00890076
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0089001B
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00890FEF
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00890065
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00890040
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00890FB9
.text C:\WINDOWS\System32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00880F8B
.text C:\WINDOWS\System32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880016
.text C:\WINDOWS\System32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00880FB7
.text C:\WINDOWS\System32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00880FEF
.text C:\WINDOWS\System32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00880FA6
.text C:\WINDOWS\System32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00880FD2
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20000
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A2004C
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20F61
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20F72
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20F83
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A2001B
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A20F29
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A20071
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20096
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A20EFD
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A20EE2
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A20F9E
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A20F46
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A20F18
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A10025
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A1006C
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FDB
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A1005B
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10FAF
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10000
.text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10036
.text C:\WINDOWS\System32\svchost.exe[1660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00055
.text C:\WINDOWS\System32\svchost.exe[1660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00FCA
.text C:\WINDOWS\System32\svchost.exe[1660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A00029
.text C:\WINDOWS\System32\svchost.exe[1660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00000
.text C:\WINDOWS\System32\svchost.exe[1660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A0003A
.text C:\WINDOWS\System32\svchost.exe[1660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\System32\svchost.exe[1660] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\System32\svchost.exe[1660] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 009E0000
.text C:\WINDOWS\System32\svchost.exe[1660] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 009E001B
.text C:\WINDOWS\System32\svchost.exe[1660] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 009E0FE5
.text C:\WINDOWS\System32\svchost.exe[1660] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 009E0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02790000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0279007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0279006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02790051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02790F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02790FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02790F52
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0279009A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02790F2D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 027900C6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 027900E1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 02790036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02790FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 02790F63
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 0279001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 02790FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 027900B5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02780FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 02780FB6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02780022
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02780011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0278007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0278006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02780000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02780051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02770FA3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!system 77C293C7 5 Bytes JMP 02770FBE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0277002E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02770000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02770FCF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0277001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02760000
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011F000A
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 011F006C
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 011F0051
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 011F0F77
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 011F0F94
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 011F0040
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 011F00B3
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 011F0098
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011F0F24
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011F0F3F
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 011F00D8
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 011F0FB9
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 011F0FEF
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 011F0087
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 011F002F
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 011F0FD4
.text C:\WINDOWS\Explorer.EXE[2572] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 011F0F50
.text C:\WINDOWS\Explorer.EXE[2572] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011D0027
.text C:\WINDOWS\Explorer.EXE[2572] msvcrt.dll!system 77C293C7 5 Bytes JMP 011D0F92
.text C:\WINDOWS\Explorer.EXE[2572] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011D0FD2
.text C:\WINDOWS\Explorer.EXE[2572] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011D0FE3
.text C:\WINDOWS\Explorer.EXE[2572] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011D0FB7
.text C:\WINDOWS\Explorer.EXE[2572] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011D0000
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 011E0FB6
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 011E0F76
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 011E0FDB
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 011E0011
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 011E0033
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 011E0F91
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 011E0000
.text C:\WINDOWS\Explorer.EXE[2572] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 011E0022
.text C:\WINDOWS\Explorer.EXE[2572] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 011C0FEF
.text C:\WINDOWS\Explorer.EXE[2572] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 011C0FC8
.text C:\WINDOWS\Explorer.EXE[2572] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 011C000A
.text C:\WINDOWS\Explorer.EXE[2572] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 011C0FB7
.text C:\WINDOWS\Explorer.EXE[2572] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BC0000
.text C:\Program Files\ITunes\iTunesHelper.exe[2776] WININET.DLL!InternetOpenA 771C6D2A 5 Bytes JMP 009F0FE5 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.)
.text C:\Program Files\ITunes\iTunesHelper.exe[2776] WININET.DLL!InternetOpenUrlA 771C6FDD 5 Bytes JMP 009F0FAD C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.)
.text C:\Program Files\ITunes\iTunesHelper.exe[2776] WININET.DLL!InternetOpenW 771D6CF3 5 Bytes JMP 009F0FD4 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.)
.text C:\Program Files\ITunes\iTunesHelper.exe[2776] WININET.DLL!InternetOpenUrlW 771D7304 5 Bytes JMP 009F0000 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.)
.text C:\Program Files\Common Files\Sonic Shared\CineTray.exe[3464] wininet.dll!InternetOpenA 771C6D2A 5 Bytes JMP 009F0FE5
.text C:\Program Files\Common Files\Sonic Shared\CineTray.exe[3464] wininet.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 009F0FAD
.text C:\Program Files\Common Files\Sonic Shared\CineTray.exe[3464] wininet.dll!InternetOpenW 771D6CF3 5 Bytes JMP 009F0FD4
.text C:\Program Files\Common Files\Sonic Shared\CineTray.exe[3464] wininet.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 009F0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!IsCharAlphaNumericA] 77D7F189
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!IntersectRect] 77D4B3E7
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EqualRect] 77D4BDD1
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!wsprintfW] 77D4A862
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!LoadIconA] 77D521AE
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!LoadImageA] 77D6F4DC
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DestroyIcon] 77D4E8CE
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetForegroundWindow] 77D566A7
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EnumChildWindows] 77D4E5BA
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowTextA] 77D4DC5A
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetParent] 77D4B5D7
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetWindowRect] 77D4B57C
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ScreenToClient] 77D4C5B8
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] 77D4C78E
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SendMessageA] 77D4E2AE
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!PostMessageA] 77D4DB62
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!FindWindowA] 77D6F3C6
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!LoadStringA] 77D6EC98
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ShowWindow] 77D4D4DE
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetDesktopWindow] 77D4D7BB
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!wsprintfA] 77D4A2DE
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CharLowerA] 77D6EED5
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DestroyWindow] 77D4E666
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!IsDlgButtonChecked] 77D70315
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EnableWindow] 77D4C4D4
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetFocus] 77D4E5DC
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetDlgItem] 77D552A4
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog] 77D56CC9
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CheckDlgButton] 77D589A8
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExA] 77D5190B
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!RegisterWindowMessageA] 77D48E00
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!KillTimer] 77D48C1A
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetTimer] 77D48C06
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 77D4DF6B
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] 77D4DED3
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetWindowLongA] 77D4947C
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!RegisterClassA] 77D52316
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CharNextA] 77D6EC40
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CharToOemA] 77D4AD9B
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CharUpperA] 77D48D03
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CharLowerW] 77D49F64
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SendDlgItemMessageA] 77D6152F
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!IsWindow] 77D4B7DB
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CharNextExA] 77D993F6
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!WinHelpA] 77D650CF
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!wcslen] 4DC37FCC
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!free] 4DC1C21B
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!wcscmp] 4DC37EE3
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!wcscpy] 4DC37E94
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!malloc] 4DC1C407
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!isupper] 4DC0BB4E
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!isdigit] 4DC0BBD6
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!isxdigit] 4DC0BC1A
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!sprintf] 4DC2F931
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_except_handler3] 4DC25C94
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!bsearch] 4DC26BE5
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!qsort] 4DC26F50
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_ltoa] 4DC0C222
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!strtoul] 4DC0D730
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!wcscat] 4DC37E61
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!wcschr] 4DC37EB8
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_itow] 4DC0C392
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_ltow] 4DC0C3C1
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_snwprintf] 4DC2FB0C
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_ultoa] 4DC0C24E
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!memmove] 4DC372B0
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!strncpy] 4DC37A90
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_wcsnicmp] 4DC36ABB
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_wcsicmp] 4DC367BD
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_initterm] 4DC29D67
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_adjust_fdiv] 4DC523D8
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!__dllonexit] 4DC24E51
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!_onexit] 4DC24DF8
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!atol] 4DC0BE7B
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [msvcrt.dll!strncmp] 4DC37A50
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] 77D48F75
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetProcessDefaultLayout] 77D860BD
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!wsprintfW] 77D4A862
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!MessageBoxW] 77D96116
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!MessageBoxA] 77D8050B
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!LoadStringA] 77D6EC98
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!LoadStringW] 77D49C36
IAT C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[804] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!wsprintfA] 77D4A2DE
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F0C0000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F0C0000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F100000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[2572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F100000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Ip o6ko.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 KeyEx2.SYS (IBM Tivoli Remote Control Keyboard Filter Driver/International Business Machines, Corp.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp o6ko.sys
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp o6ko.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp o6ko.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#5 rjm0723


Posted 24 April 2010 - 07:55 AM

The problem with my computer is that I cannot update virus scan or spyware, and when I try to link to pages like this one, it will not let me on the infected computer.

#6 schrauber

  • Malware Response Team
Posted 25 April 2010 - 03:21 AM

Hello, rjm0723
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:50 PM

Posted 30 April 2010 - 11:04 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

