
Search Engine redirect virus


7 replies to this topic

#1 anbrantley33

anbrantley33

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:50 AM

Posted 09 June 2010 - 07:34 PM

I have been infected with a virus that redirects me every time I click on a link via a search engine. I have run Malwarebytes and removed 16 infections, but the problem remains. I have downloaded HijackThis, but don't know what to do from here. Please help, so that I can rid my PC of these problems.

EDIT: Moved from XP to more appropriate Am I Infected forum ~ Hamluis.

Edited by hamluis, 09 June 2010 - 07:37 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:50 AM

Posted 09 June 2010 - 09:45 PM

Hello and welcome. Please post that MBAM log.
Is this an XP machine?

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs, and let us know how the PC is running now.

#3 anbrantley33

anbrantley33
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:50 AM

Posted 13 June 2010 - 07:23 PM

Yes this is an XP Machine

Mbam Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/9/2010 4:44:52 PM
mbam-log-2010-06-09 (16-44-52).txt

Scan type: Quick scan
Objects scanned: 153579
Time elapsed: 18 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thotbhhp (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dlsoqtxx (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\udrrviyl (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thotbhhp (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dlsoqtxx (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\udrrviyl (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wupd.dat (Malware.Trace) -> Quarantined and deleted successfully.


Here is the SuperAntiSpyware Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2010 at 02:53 AM

Application Version : 4.39.1002

Core Rules Database Version : 5061
Trace Rules Database Version: 2873

Scan type : Complete Scan
Total Scan Time : 02:59:52

Memory items scanned : 276
Memory threats detected : 0
Registry items scanned : 7068
Registry threats detected : 2
File items scanned : 74250
File threats detected : 434

Adware.Gamevance
HKU\S-1-5-21-1659004503-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

Adware.Tracking Cookie
.qnsr.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.qnsr.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.statse.webtrendslive.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.www.apartmentfinder.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.www.burstbeacon.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
cnhi.siteencore.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
cnhi.siteencore.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
banner.adchemy.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
banner.adchemy.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.burstbeacon.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ads2.drivelinemedia.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
www.stopzilla.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
cms.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.bluestreak.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\DWB\Application Data\Mozilla\Firefox\Profiles\l4dbk2ol.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\kfga1r9i.default\cookies.sqlite ]
convoad.technoratimedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
media-glam.pictela.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
media-macys.pictela.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\JYDXTMN2 ]
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bighealthtree[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt

Adware.Flash Tracking Cookie

Adware.CouponBar
C:\WINDOWS\CPNPRT2.CID
C:\WINDOWS\SYSTEM32\CPNPRT2.CID

Trojan.Dropper/Win-NV
C:\WINDOWS\MSVIDEO.DLL

Trojan.Agent/Gen-ImageDocFake
C:\WINDOWS\TEMP\0.4504054765378944.GIF

I have run and removed everything these found, but the problem still remains. Every search we do redirects us when we click a link in the search results.

#4 boopme

Posted 13 June 2010 - 07:34 PM

Ok, thanks. It may be a hidden rootkit.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.


Next a Rootkit scan.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
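A first-pass triage of the gmer.log saved in the steps above, as an added example that is not part of the original post or of GMER itself: it groups hooks by owning driver and sets aside hooks with no owning module, plus the section anomalies GMER reports. The sample lines are constructed in GMER 1.0.15's layout, and `verified_drivers` is an assumption standing in for drivers you have separately confirmed belong to installed security software.

```python
import re
from collections import Counter

# Constructed sample in the layout GMER 1.0.15 writes; not the poster's log.
SAMPLE_LOG = r'''
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\ExampleAV\EXAVUTIL.SYS (EXAVUTIL.SYS/Example AV Corp.) ZwTerminateProcess [0xB8C2E620]
Code \SystemRoot\system32\drivers\exavhook.sys (Example Hook Driver/Example AV Corp.) ZwCreateFile [0xB8B6F78A]
Code \SystemRoot\system32\drivers\exavhook.sys (Example Hook Driver/Example AV Corp.) NtOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP B8B6F811 \SystemRoot\system32\drivers\exavhook.sys (Example Hook Driver/Example AV Corp.)
.rsrc C:\WINDOWS\system32\drivers\example.sys entry point in ".rsrc" section [0xF74B0794]
.text C:\WINDOWS\system32\DRIVERS\exgfx.sys section is writeable [0xBA340360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
'''

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "SSDT|Code <driver path> (<description>) <function> [<address>]"
TABLE_HOOK = re.compile(
    r"^(SSDT|Code)\s+(\S.*?\.sys)\s+\((.*?)\)\s+(\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$",
    re.IGNORECASE)
# "<sect> <where>!<function> <addr> <n> Bytes JMP|CALL <target> [<owner> (<desc>)]"
INLINE_HOOK = re.compile(
    r"^(\S+)\s+(.+?)!(\w+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+(?:JMP|CALL)\s+([0-9A-F]{8})"
    r"(?:\s+(\S.*?)\s+\((.*)\))?$")
# Structural findings GMER prints about a file's sections.
ANOMALY = re.compile(r'entry point in "\S+" section|section is writeable')


def basename(path):
    """Lower-cased last component of a Windows or NT object path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hooks, anomalies, unparsed) from the text of a saved gmer.log."""
    hooks, anomalies, unparsed = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None:
            continue  # banner lines before the first section
        if ANOMALY.search(line):
            anomalies.append((section, line))
        elif (m := TABLE_HOOK.match(line)):
            hooks.append({"section": section, "kind": m.group(1),
                          "function": m.group(4), "owner": basename(m.group(2))})
        elif (m := INLINE_HOOK.match(line)):
            owner = basename(m.group(5)) if m.group(5) else None
            hooks.append({"section": section, "kind": "inline",
                          "where": m.group(2), "function": m.group(3),
                          "target": m.group(4), "owner": owner})
        else:
            unparsed.append((section, line))  # kept so nothing is silently dropped
    return hooks, anomalies, unparsed


def triage(text, verified_drivers):
    """Split hooks into those owned by verified drivers and those needing review.

    A file-name match is only a sorting aid: it does not prove the file on disk
    is the vendor's, so signature or hash checks still have to be done separately.
    """
    hooks, anomalies, unparsed = parse_gmer(text)
    known = {d.lower() for d in verified_drivers}
    by_owner = Counter(h["owner"] for h in hooks if h["owner"])
    review = [h for h in hooks if h["owner"] is None or h["owner"] not in known]
    return {"hooks_by_owner": dict(by_owner), "review_hooks": review,
            "anomalies": anomalies, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, ["exavhook.sys", "exavutil.sys"])
    for owner, count in report["hooks_by_owner"].items():
        print(f"{count:3d} hooks owned by {owner}")
    for h in report["review_hooks"]:
        print("REVIEW hook:", h["function"], "owner:", h["owner"])
    for section, line in report["anomalies"]:
        print(f"REVIEW anomaly [{section}]:", line)
```

Entries under `review_hooks` and `anomalies` are prompts for a closer look at the named file, not a verdict on it.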

#5 anbrantley33


Posted 15 June 2010 - 08:23 PM

New Mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/14/2010 9:18:30 PM
mbam-log-2010-06-14 (21-18-30).txt

Scan type: Quick scan
Objects scanned: 154052
Time elapsed: 20 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and here is the Gmer log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 21:14:20
Windows 5.1.2600 Service Pack 3
Running: j4ckjf54.exe; Driver: C:\DOCUME~1\DWB\LOCALS~1\Temp\pwrirfob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB8C2E620]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB8B6F78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB8B6F821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB8B6F738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB8B6F74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB8B6F835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB8B6F861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB8B6F8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB8B6F8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB8B6F7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB8B6F8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB8B6F80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB8B6F710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB8B6F724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB8B6F79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB8B6F937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB8B6F8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB8B6F88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB8B6F84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB8B6F923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB8B6F90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB8B6F776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB8B6F762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB8B6F877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB8B6F7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB8B6F8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB8B6F7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB8B6F7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP B8B6F7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP B8B6F811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP B8B6F891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP B8B6F78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP B8B6F766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP B8B6F825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP B8B6F93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP B8B6F8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP B8B6F714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP B8B6F7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP B8B6F87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP B8B6F7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP B8B6F7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B8B6F750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP B8B6F7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP B8B6F8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP B8B6F728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP B8B6F8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP B8B6F865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP B8B6F839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP B8B6F73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP B8B6F77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP B8B6F8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP B8B6F8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP B8B6F84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP B8B6F913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP B8B6F927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74B0794]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA340360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02300000
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 023000A2
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02300FAD
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02300087
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02300076
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02300036
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02300F7C
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 023000C4
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 023000F3
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02300F5A
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0230010E
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0230005B
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02300FE5
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 023000B3
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02300FCA
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0230001B
.text C:\WINDOWS\Explorer.EXE[400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02300F6B
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01FB001B
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01FB005B
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01FB0FCA
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01FB0000
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01FB0F94
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01FB0FE5
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01FB0FAF
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1B, 8A]
.text C:\WINDOWS\Explorer.EXE[400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01FB0036
.text C:\WINDOWS\Explorer.EXE[400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01F6004E
.text C:\WINDOWS\Explorer.EXE[400] msvcrt.dll!system 77C293C7 5 Bytes JMP 01F6003D
.text C:\WINDOWS\Explorer.EXE[400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01F60FCD
.text C:\WINDOWS\Explorer.EXE[400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01F60FEF
.text C:\WINDOWS\Explorer.EXE[400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01F6002C
.text C:\WINDOWS\Explorer.EXE[400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01F60FDE
.text C:\WINDOWS\Explorer.EXE[400] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01F40000
.text C:\WINDOWS\Explorer.EXE[400] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01F40FE5
.text C:\WINDOWS\Explorer.EXE[400] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01F40FD4
.text C:\WINDOWS\Explorer.EXE[400] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01F40025
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F50FEF
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930FE5
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0093007D
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930F7E
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00930058
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00930047
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930FA5
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00930F52
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00930F6D
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009300D0
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009300BF
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00930F1C
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930098
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00930FB6
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00930011
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00930F41
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920FD4
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920FB9
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0092001B
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920076
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920FE5
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0092005B
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920040
.text C:\WINDOWS\System32\svchost.exe[464] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910FA8
.text C:\WINDOWS\System32\svchost.exe[464] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910033
.text C:\WINDOWS\System32\svchost.exe[464] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00910FDE
.text C:\WINDOWS\System32\svchost.exe[464] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910FEF
.text C:\WINDOWS\System32\svchost.exe[464] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910FCD
.text C:\WINDOWS\System32\svchost.exe[464] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[464] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\System32\svchost.exe[464] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001C000A
.text C:\WINDOWS\System32\svchost.exe[464] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001C0FDE
.text C:\WINDOWS\System32\svchost.exe[464] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001C002F
.text C:\WINDOWS\System32\svchost.exe[464] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50000
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F8A
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E5007F
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50058
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50FA5
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50FC0
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E50F63
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E500AB
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E500E1
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E50F48
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E50F2D
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50047
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E50011
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E5009A
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FDB
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E5002C
.text C:\WINDOWS\System32\svchost.exe[612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E500C6
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E40047
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40F94
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E40036
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E4001B
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40FA5
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E4000A
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E40FC0
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [04, 89] {ADD AL, 0x89}
.text C:\WINDOWS\System32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E40FDB
.text C:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E3003F
.text C:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E3002E
.text C:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E30FE3
.text C:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30000
.text C:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30FBE
.text C:\WINDOWS\System32\svchost.exe[612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30011
.text C:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\System32\svchost.exe[612] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00E20014
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013B0000
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013B0F83
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013B006E
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013B0051
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013B0F9E
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013B0FC0
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013B0F4B
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013B0F5C
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013B0F30
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013B00C9
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013B00E4
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013B0FAF
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013B0011
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013B0093
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 013B0FDB
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 013B002C
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013B00AE
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 013A001B
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 013A0051
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 013A0FCA
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 013A0FDB
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 013A0F8A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 013A0000
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 013A0FAF
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5A, 89]
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 013A0036
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FC5
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0050
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF002E
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF003F
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\services.exe[688] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\services.exe[688] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\services.exe[688] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00FD0040
.text C:\WINDOWS\system32\services.exe[688] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\services.exe[688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F5E
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF005D
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF008B
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF007A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF00C1
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF0F28
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F0D
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0F4D
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF00A6
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0F83
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0F94
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 89]
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE002C
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0FA6
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0031
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0FD2
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD000C
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FC1
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\lsass.exe[700] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\lsass.exe[700] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\lsass.exe[700] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\lsass.exe[700] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00CC002F
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30F8F
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30084
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30073
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30062
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30FC0
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30F61
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E30F72
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300E6
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E300D5
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E30F32
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E30047
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E3009F
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E3002C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E300BA
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E2001E
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E20F83
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E20FDE
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E20F9E
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E2004A
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E2002F
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10F70
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E10F81
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10FC1
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10FA6
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10FD2
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00D50FB9
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00D50014
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE00A7
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE0FA8
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE0FB9
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE0076
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE0FD4
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE00F0
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE00D3
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE0123
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE0112
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EE0134
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EE0051
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EE0011
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EE00C2
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EE0036
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EE0FE5
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EE0101
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00051
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E00025
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00F94
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00FAF
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00036
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF002C
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FA1
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0FC6
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF001B
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0FE3
.text C:\WINDOWS\system32\svchost.exe[940] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[940] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\svchost.exe[940] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[940] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\svchost.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02F20000
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02F20F3A
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02F20F4B
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02F2002F
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02F20F72
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02F20FA8
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02F2004A
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02F20F0E
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02F20EC2
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02F2005B
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02F20076
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02F20F97
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02F20FE5
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02F20F1F
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02F20FB9
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02F20FCA
.text C:\WINDOWS\System32\svchost.exe[1000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02F20EDD
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02F1002C
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02F10069
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02F1001B
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02F10FEF
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02F10058
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02F1000A
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02F10FB6
.text C:\WINDOWS\System32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [11, 8B]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 89817D01

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


As a side note each time I unplugged or plugged in the internet wire, my computer rebooted on its own.

#6 boopme

Posted 15 June 2010 - 09:47 PM

Hello, there are some unknown and modified/suspicious .sys files here. We need a deeper look. Please follow these instructions to post needed logs.

Preparation Guide. Proceed to steps 6 through 9.
If you cannot perform a step, move on to the next. Post all required logs and the complete log.
Include the GMER log you posted earlier.

Let me know if that went well.

#7 anbrantley33

Posted 19 June 2010 - 03:18 PM

DDS (Ver_10-03-17.01) - NTFSx86
Run by DWB at 16:07:17.42 on Sat 06/19/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.924 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DWB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}

#8 boopme

Posted 19 June 2010 - 07:31 PM

Hello, I need you to open the Guide again. In step 9 is the location to post this DDS log to. The log needs to be reviewed there and not in this topic, thanks.


Let me know if that went well.



