Personal Internet Security 2011


  • This topic is locked
3 replies to this topic

#1 alslee


Posted 19 January 2011 - 05:09 PM

Hi,

I have a virus called Personal Internet Security 2011 on my laptop. To try and get rid of it I followed the following steps on How-to Geek.com: I used SUPERAntiSpyware and then used it again in safe mode with networking, which didn't work. I then ran ComboFix and asked what I should do next on another topic. I was asked to run DDS and create a GMER log and post them on a new topic. They are shown below and the attach file from the DDS is attached. I was also asked to post the ComboFix information, which is at the bottom.

Could someone please tell me what I should do next?

Attached File: Attach.zip (2.17KB, 0 downloads)

DDS (Ver_10-12-12.02) - NTFSx86
Run by Alice at 20:56:22.94 on 18/01/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1559 [GMT 0:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\5bca38\PI5bc_2159.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFEUQN9N\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25514
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110116205958.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Personal Internet Security 2011] "c:\programdata\5bca38\PI5bc_2159.exe" /s /d
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SolidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-8-29 20384]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-16 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-16 164840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-16 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-16 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-16 141792]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-16 55840]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-16 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-16 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-16 313288]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-3-19 83240]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-8-29 954368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-16 84264]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2011-01-17 08:23:30 -------- d-sh--w- c:\users\alice\appdata\roaming\Personal Internet Security 2011
2011-01-16 20:59:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-01-16 20:59:46 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-16 20:59:46 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-01-16 20:59:46 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-01-16 20:59:46 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-01-16 20:59:46 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-01-16 20:59:46 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-01-16 20:59:46 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-16 20:59:39 -------- d-----w- c:\program files\common files\Mcafee
2011-01-16 20:59:38 -------- d-----w- c:\program files\McAfee.com
2011-01-16 20:59:36 -------- d-----w- c:\program files\McAfee
2011-01-16 20:58:03 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-16 20:05:29 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-16 20:05:25 -------- d-----w- c:\users\alice\appdata\local\temp
2011-01-16 19:57:42 98816 ----a-w- c:\windows\sed.exe
2011-01-16 19:57:42 89088 ----a-w- c:\windows\MBR.exe
2011-01-16 19:57:42 256512 ----a-w- c:\windows\PEV.exe
2011-01-16 19:57:42 161792 ----a-w- c:\windows\SWREG.exe
2011-01-16 19:57:36 -------- d-----w- C:\ComboFix
2011-01-16 15:33:16 -------- d-----w- c:\users\alice\appdata\roaming\SUPERAntiSpyware.com
2011-01-16 15:33:16 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-16 15:13:40 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-01-16 15:03:35 -------- d-----w- c:\progra~2\AVG10
2011-01-15 20:11:58 -------- d-sh--w- c:\progra~2\PICULZLNS
2011-01-15 20:08:46 -------- d-sh--w- c:\progra~2\5bca38
2011-01-14 10:48:19 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{680c8e2e-07f1-4874-92d2-5b53e3d3cefd}\mpengine.dll
2011-01-12 11:43:30 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 11:43:30 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 11:43:30 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 11:43:30 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 11:43:30 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 11:43:30 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 11:43:26 1169408 ----a-w- c:\windows\system32\sdclt.exe

==================== Find3M ====================

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

============= FINISH: 20:57:36.92 ===============




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-18 21:42:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925032 rev.SD58
Running: gmer.exe; Driver: C:\Users\Alice\AppData\Local\Temp\kwlcrpog.sys


---- System - GMER 1.0.15 ----

INT 0x01 \??\C:\Users\Alice\AppData\Local\Temp\mbr.sys AC9D6C42

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A3780B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A3780E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A3780CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A3780A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8267D9D2 5 Bytes JMP 8A3780A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82842DA3 5 Bytes JMP 8A3780E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 828624FA 7 Bytes JMP 8A3780BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 828627BD 5 Bytes JMP 8A3780D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A959480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A99A900, 0x3CA, 0x48000040]
? C:\Users\Alice\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 002E0FB2
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 002E002F
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 002E00B1
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 002E0080
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 002E0054
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 002E006F
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 002E0FC3
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 002E0FA1
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 76C6903B 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 002E0F3F
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 002E0FEF
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 002E00E7
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 00570F9A
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!system 7682804B 5 Bytes JMP 0057001B
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 00570FBC
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_open 7682D106 5 Bytes JMP 00570FE3
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 00570FAB
.text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 00570000
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 00510036
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 00510025
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 00510FE5
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 00510F94
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 00510051
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 00510FB9
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 00510FCA
.text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 00510014
.text C:\Windows\system32\svchost.exe[988] WS2_32.dll!socket 763736D1 5 Bytes JMP 00520000
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 00090F4B
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 00090F5C
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 00090F1F
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 00090F3A
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 00090076
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 00090FD4
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 00090025
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 00090F6D
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 00090065
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 00090FB9
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 00090FA8
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 00090040
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 00090087
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 00090EFA
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 0009000A
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 00090FEF
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 000900B6
.text C:\Windows\system32\svchost.exe[1080] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 00370078
.text C:\Windows\system32\svchost.exe[1080] msvcrt.dll!system 7682804B 5 Bytes JMP 0037005D
.text C:\Windows\system32\svchost.exe[1080] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 00370027
.text C:\Windows\system32\svchost.exe[1080] msvcrt.dll!_open 7682D106 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[1080] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 00370042
.text C:\Windows\system32\svchost.exe[1080] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 001C006C
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 001C003D
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 001C0FC0
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 001C0FA5
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 001C0022
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 001C0011
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 001C0FDB
.text C:\Windows\system32\svchost.exe[1080] WS2_32.dll!socket 763736D1 5 Bytes JMP 001D000A
.text C:\Windows\System32\svchost.exe[1200] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 001A0FEF
.text C:\Windows\System32\svchost.exe[1200] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 001A000A
.text C:\Windows\System32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 001A0FDE
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 00190F85
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 001900CB
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 00190F74
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 0019010B
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 00190084
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 00190025
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 00190036
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 001900BA
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 00190073
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 00190058
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 00190FB6
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 00190047
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 0019009F
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 00190F63
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 0019000A
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 00190FEF
.text C:\Windows\System32\svchost.exe[1200] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 001900E6
.text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 001F0055
.text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!system 7682804B 5 Bytes JMP 001F0FD4
.text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 001F003A
.text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_open 7682D106 5 Bytes JMP 001F0000
.text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 001F0FE5
.text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 001F0029
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 001B0F83
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 001B0FAF
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 001B0000
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 001B0F9E
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 001B0036
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 001B0FE5
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 001B001B
.text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 001B0FC0
.text C:\Windows\System32\svchost.exe[1200] WS2_32.dll!socket 763736D1 5 Bytes JMP 001E0000
.text C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 00D10FEF
.text C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 00D10FC0
.text C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 00D10000
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 00D00F5E
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 00D00F79
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 00D000DA
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 00D00F43
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 00D0006E
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 00D00014
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 00D00025
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 00D000A4
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 00D00051
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 00D00036
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 00D00F94
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 00D00FAF
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 00D0007F
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 00D000EB
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 00D00FDE
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 00D00FEF
.text C:\Windows\System32\svchost.exe[1260] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 00D000BF
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 00D70FB2
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!system 7682804B 5 Bytes JMP 00D70FC3
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 00D70022
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_open 7682D106 5 Bytes JMP 00D70000
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 00D70033
.text C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 00D70011
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 005E0062
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 005E0040
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 005E0000
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 005E0051
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 005E0FAF
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 005E0025
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 005E0FE5
.text C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 005E0FD4
.text C:\Windows\System32\svchost.exe[1260] WS2_32.dll!socket 763736D1 5 Bytes JMP 00D60000
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 01230FE5
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 01230FB9
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 01230FD4
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 012200A4
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 01220F68
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 01220F21
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 01220F32
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 01220F97
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 01220036
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 01220FE5
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 01220093
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 01220FA8
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 01220FD4
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 01220FB9
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 01220051
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 01220082
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 01220F10
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 0122001B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 0122000A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 01220F43
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 01290F9C
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 7682804B 5 Bytes JMP 01290FAD
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 0129001D
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 7682D106 5 Bytes JMP 0129000C
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 01290FBE
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 01290FEF
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 0121002C
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 01210F94
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 01210FEF
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 0121001B
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 01210047
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 01210000
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 01210FCA
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 01210FAF
.text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 763736D1 5 Bytes JMP 01280000
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 00090FD4
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 0008009D
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 0008008C
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 000800D3
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 000800B8
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 00080F8D
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 0008001E
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 00080FC3
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 00080F61
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 00080067
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 0008004A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 00080FA8
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 00080039
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 00080F72
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 000800E4
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 00080F3C
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 000C0F9C
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!system 7682804B 5 Bytes JMP 000C0FB7
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 000C0FD2
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_open 7682D106 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 000C0027
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 000C000C
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 00070F9B
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 0007003D
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 00070FB6
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 0007004E
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 00070011
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 00070022
.text C:\Windows\system32\svchost.exe[1396] WS2_32.dll!socket 763736D1 5 Bytes JMP 000A0FE5
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1452] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 703C9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1452] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 703C9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 00AA0FEF
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 00AA001E
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 00AA0FDE
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 009800A1
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 00980F65
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 00980F14
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 00980F25
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 0098006E
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 00980025
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 00980090
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 00980051
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 00980036
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 00980F9E
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 00980FAF
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 0098007F
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 009800D0
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 00980F40
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 00AC0FA6
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!system 7682804B 5 Bytes JMP 00AC0031
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 00AC0FC1
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_open 7682D106 5 Bytes JMP 00AC0FE3
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 00AC0016
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 00AC0FD2
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 005E0FA1
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 005E0FCD
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 005E0FEF
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 005E0FB2
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 005E0F7C
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 005E001E
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 005E0FDE
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 005E002F
.text C:\Windows\system32\svchost.exe[1484] WS2_32.dll!socket 763736D1 5 Bytes JMP 00AB000A
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenA 76D2D690 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenW 76D2DB09 5 Bytes JMP 009D0FCA
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenUrlA 76D2F3A4 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenUrlW 76D76D77 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!NtCreateFile 77AA43D4 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!NtCreateProcess 77AA4494 5 Bytes JMP 009B0FDE
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!NtProtectVirtualMemory 77AA4D34 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!GetStartupInfoW 76C21929 5 Bytes JMP 009A00BF
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!GetStartupInfoA 76C219C9 5 Bytes JMP 009A00AE
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 009A0F39
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 009A0F4A
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!VirtualProtect 76C21DC3 5 Bytes JMP 009A0F97
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateNamedPipeA 76C22EF5 5 Bytes JMP 009A001B
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateNamedPipeW 76C25C0C 5 Bytes JMP 009A0FD4
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreatePipe 76C48E6E 5 Bytes JMP 009A009D
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!LoadLibraryExW 76C49109 5 Bytes JMP 009A0071
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!LoadLibraryW 76C49362 5 Bytes JMP 009A0FB2
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!LoadLibraryExA 76C494B4 5 Bytes JMP 009A0054
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!LoadLibraryA 76C494DC 5 Bytes JMP 009A0FC3
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!VirtualProtectEx 76C4DBDA 5 Bytes JMP 009A0082
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!GetProcAddress 76C6903B 5 Bytes JMP 009A00EB
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateFileW 76C6AECB 5 Bytes JMP 009A000A
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateFileA 76C6CE5F 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!WinExec 76CB5CF7 5 Bytes JMP 009A00D0
.text C:\Windows\system32\svchost.exe[1600] msvcrt.dll!_wsystem 76827F2F 5 Bytes JMP 01AC005D
.text C:\Windows\system32\svchost.exe[1600] msvcrt.dll!system 7682804B 5 Bytes JMP 01AC0042
.text C:\Windows\system32\svchost.exe[1600] msvcrt.dll!_creat 7682BBE1 5 Bytes JMP 01AC0016
.text C:\Windows\system32\svchost.exe[1600] msvcrt.dll!_open 7682D106 5 Bytes JMP 01AC0FE3
.text C:\Windows\system32\svchost.exe[1600] msvcrt.dll!_wcreat 7682D326 5 Bytes JMP 01AC0031
.text C:\Windows\system32\svchost.exe[1600] msvcrt.dll!_wopen 7682D501 5 Bytes JMP 01AC0FD2
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExA 762B39AB 5 Bytes JMP 00990079
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyA 762B3BA9 5 Bytes JMP 00990FDE
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyA 762B89C7 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyW 762C391E 5 Bytes JMP 00990FCD
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExW 762C41F1 5 Bytes JMP 0099008A
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExA 762C7C42 5 Bytes JMP 00990025
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyW 762CE2B5 5 Bytes JMP 00990FEF
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExW 762D7BA1 5 Bytes JMP 0099004A
.text C:\Windows\system32\svchost.exe[1600] WS2_32.dll!socket 763736D1 5 Bytes JMP 01AB0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] ole32.dll!OleLoadFromStream 766A1E80 5 Bytes JMP 6A415370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] ole32.dll!CoCreateInstance 766D9F3E 5 Bytes JMP 6A31DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] WS2_32.dll!socket 763736D1 5 Bytes JMP 01BA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] WININET.dll!InternetOpenA 76D2D690 5 Bytes JMP 01BB0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] WININET.dll!InternetOpenW 76D2DB09 5 Bytes JMP 01BB0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] WININET.dll!InternetOpenUrlA 76D2F3A4 5 Bytes JMP 01BB0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[54580] WININET.dll!InternetOpenUrlW 76D76D77 5 Bytes JMP 01BB000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


ComboFix 11-01-15.01 - Alice 16/01/2011 19:58:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1725 [GMT 0:00]
Running from: c:\users\Alice\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Personal Internet Security 2011.lnk
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Personal Internet Security 2011.lnk
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Personal Internet Security 2011.lnk
c:\users\Alice\AppData\Roaming\Personal Internet Security 2011
c:\users\Alice\Desktop\Personal Internet Security 2011.lnk

.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 20:03 . 2011-01-16 20:03 -------- d-----w- c:\users\Alice\AppData\Local\temp
2011-01-16 20:03 . 2011-01-16 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-16 15:33 . 2011-01-16 15:33 -------- d-----w- c:\users\Alice\AppData\Roaming\SUPERAntiSpyware.com
2011-01-16 15:33 . 2011-01-16 15:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-16 15:13 . 2011-01-16 15:13 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-01-16 15:03 . 2011-01-16 15:14 -------- d-----w- c:\programdata\AVG10
2011-01-15 20:11 . 2011-01-15 20:11 -------- d-sh--w- c:\programdata\PICULZLNS
2011-01-15 20:08 . 2011-01-15 20:45 -------- d-sh--w- c:\programdata\5bca38
2011-01-14 10:48 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{680C8E2E-07F1-4874-92D2-5B53E3D3CEFD}\mpengine.dll
2011-01-12 11:43 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 11:43 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 11:43 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 11:43 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 11:43 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 11:43 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 11:43 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 19:08 . 2010-12-10 19:08 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-04 18:56 . 2010-12-16 17:01 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 17:01 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 17:01 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 17:01 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 17:01 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-16 17:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-16 17:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-16 17:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-16 17:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-16 17:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-16 17:01 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-16 17:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-16 17:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-16 17:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-16 17:00 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-16 17:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 10:41 . 2010-12-05 16:03 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Personal Internet Security 2011"="c:\programdata\5bca38\PI5bc_2159.exe" [2011-01-15 3874816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 SASDIFSV;SASDIFSV;c:\users\Alice\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Alice\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{0BB3704E-DFC8-41EF-86DF-65D1C2C90D0C}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25494
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 20:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-16 20:05:23
ComboFix-quarantined-files.txt 2011-01-16 20:05

Pre-Run: 56,927,875,072 bytes free
Post-Run: 57,023,143,936 bytes free

- - End Of File - - 9B2BE8F168B2671A22073625DF63E60D



#2 oneof4

  • Malware Response Team

Posted 24 January 2011 - 09:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.



#3 oneof4

  • Malware Response Team

Posted 28 January 2011 - 10:34 AM

Do you still need help?

Best Regards,
oneof4.


#4 extremeboy

  • Malware Response Team

Posted 01 February 2011 - 06:59 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.



