
cool01.11.php


  • This topic is locked
37 replies to this topic

#1 picturejewel

Posted 25 February 2011 - 07:42 PM

My email was hijacked; the undeliverable mail had links with various sites, but all ending in /cool01.11.php.
Since then I cannot find any virus or malware, but there are registry problems that McAfee and Uniblue are unable to fix.



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-25 19:35:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD1600JS-75NCB3 rev.10.02E04
Running: gmer.exe; Driver: C:\Users\melanie\AppData\Local\Temp\pxrdifow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82C380B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82C380E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82C380CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82C380A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82279982 5 Bytes JMP 82C380A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8243F0D3 5 Bytes JMP 82C380E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8245E82A 7 Bytes JMP 82C380BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8245EAED 5 Bytes JMP 82C380D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\melanie\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[736] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00180FEF
.text C:\Windows\system32\services.exe[736] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00180FB9
.text C:\Windows\system32\services.exe[736] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00180FD4
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 001700BC
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00170F80
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 001700E8
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 001700D7
.text C:\Windows\system32\services.exe[736] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00170FAC
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00170011
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00170036
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 001700AB
.text C:\Windows\system32\services.exe[736] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00170084
.text C:\Windows\system32\services.exe[736] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00170062
.text C:\Windows\system32\services.exe[736] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00170073
.text C:\Windows\system32\services.exe[736] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00170051
.text C:\Windows\system32\services.exe[736] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00170F9B
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00170F36
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00170000
.text C:\Windows\system32\services.exe[736] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00170FE5
.text C:\Windows\system32\services.exe[736] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00170F5B
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 001A0040
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 001A0FAF
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 001A0000
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 001A0F9E
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 001A0F83
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 001A0FCA
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 001A0FE5
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 001A001B
.text C:\Windows\system32\services.exe[736] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00190F97
.text C:\Windows\system32\services.exe[736] msvcrt.dll!system 76FC804B 5 Bytes JMP 00190022
.text C:\Windows\system32\services.exe[736] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00190FC6
.text C:\Windows\system32\services.exe[736] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00190FEF
.text C:\Windows\system32\services.exe[736] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00190011
.text C:\Windows\system32\services.exe[736] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00190000
.text C:\Windows\system32\services.exe[736] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00960FEF
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 001F0025
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 001F0014
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 001E0F4B
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 001E0F5C
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 001E00C7
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 001E00A2
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 001E006C
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 001E001B
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 001E0087
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 001E0F88
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 001E0047
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 001E0FA5
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 001E0036
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 001E0F77
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 001E0F0B
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[752] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 001E0F30
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 008F006C
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 008F0FD4
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 008F000A
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 008F005B
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 008F0FAF
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 008F0036
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 008F0025
.text C:\Windows\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\lsass.exe[752] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00200F97
.text C:\Windows\system32\lsass.exe[752] msvcrt.dll!system 76FC804B 5 Bytes JMP 00200022
.text C:\Windows\system32\lsass.exe[752] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00200000
.text C:\Windows\system32\lsass.exe[752] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[752] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00200011
.text C:\Windows\system32\lsass.exe[752] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00200FC6
.text C:\Windows\system32\lsass.exe[752] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00A90FE5
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00300FE5
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00300FB9
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00300FD4
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00270F44
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00270F55
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00270F29
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 002700C0
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00270F95
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00270FCD
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00270028
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00270F66
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 0027006F
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00270054
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00270FB2
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00270039
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00270080
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 002700DB
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00270FDE
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 0027009B
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00310FA1
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!system 76FC804B 5 Bytes JMP 00310FB2
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00310FCD
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00310018
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 007A0040
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 007A0FB9
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 007A0FE5
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 007A0F9E
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 007A0F83
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 007A001B
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 007A000A
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 007A0FCA
.text C:\Windows\system32\svchost.exe[920] WS2_32.dll!socket 772A36D1 5 Bytes JMP 007B0FE5
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00340FD4
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 001E0F3E
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 001E0084
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 75D21BF3 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 001E0EF7
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 001E0F08
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 001E0062
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 001E0000
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 001E001B
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 001E0073
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 001E0F94
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 001E0FA5
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 001E0047
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 001E002C
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 001E0F6D
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 001E0EDC
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 001E0F23
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00350FB7
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!system 76FC804B 5 Bytes JMP 00350042
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 0035000C
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00350FEF
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00350027
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00350FDE
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 008F005E
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 008F002F
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 008F0FB2
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 008F0079
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 008F0FC3
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 008F0FDE
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 008F0014
.text C:\Windows\system32\svchost.exe[980] WS2_32.dll!socket 772A36D1 5 Bytes JMP 0090000A
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00E00FE5
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00E00FB9
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00E00FD4
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00DF0087
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00DF0076
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00DF0098
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00DF0F0B
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00DF0051
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00DF0FD4
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00DF0025
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00DF0F41
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00DF0F83
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00DF0FAF
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00DF0F94
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00DF0040
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00DF0F5C
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00DF0EE6
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00DF0FEF
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00DF000A
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00DF0F1C
.text C:\Windows\System32\svchost.exe[1020] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00E5007A
.text C:\Windows\System32\svchost.exe[1020] msvcrt.dll!system 76FC804B 5 Bytes JMP 00E5005F
.text C:\Windows\System32\svchost.exe[1020] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00E50FEF
.text C:\Windows\System32\svchost.exe[1020] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00E50000
.text C:\Windows\System32\svchost.exe[1020] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00E5004E
.text C:\Windows\System32\svchost.exe[1020] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00E50029
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00F60F7C
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00F60FB2
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00F60FEF
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00F60F97
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00F60F61
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00F60014
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00F60FD4
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00F60FC3
.text C:\Windows\System32\svchost.exe[1020] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00F70000
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 001A000A
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 001A0036
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 001A0025
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00130091
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00130F41
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00130F0B
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 001300A2
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 0013005B
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 0013000A
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 0013001B
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00130076
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00130F83
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00130040
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00130F9E
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00130FAF
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00130F66
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00130EF0
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00130FD4
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00130FEF
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00130F26
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 001B0FBC
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!system 76FC804B 5 Bytes JMP 001B0FCD
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 001B0FDE
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_open 76FCD106 5 Bytes JMP 001B0FEF
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 001B0033
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 001B0018
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00250F6B
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00250F97
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00250FEF
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00250F7C
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00250032
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00250FC3
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00250FDE
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00250FB2
.text C:\Windows\System32\svchost.exe[1124] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00900FEF
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00900FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00860F85
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 008600CB
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00860F6A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00860101
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00860098
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00860FE5
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00860040
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 008600BA
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00860087
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 0086006C
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00860FCA
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00860051
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 008600A9
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00860F4F
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 0086001B
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00860000
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 008600E6
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00950F8B
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76FC804B 5 Bytes JMP 00950FA6
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00950FD2
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00950000
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00950FB7
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00950FE3
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00870047
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00870036
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00870000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00870FAF
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00870058
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 0087001B
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00870FE5
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00870FD4
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00F90FEF
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00F90FCA
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00F30F60
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00F300A6
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00F30F20
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00F30F3B
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00F3007A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00F30FC0
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00F30011
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00F3008B
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00F30069
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00F3003D
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00F30058
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00F3002C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00F30F85
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00F30F0F
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00F30000
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00F30FEF
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00F300C1
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 010F0047
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!system 76FC804B 5 Bytes JMP 010F0036
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 010F0000
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_open 76FCD106 5 Bytes JMP 010F0FE3
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 010F0011
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 010F0FD2
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00F80F57
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00F80F8D
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00F80FEF
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00F80F68
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00F8000A
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00F80FB9
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00F80FD4
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00F80FA8
.text C:\Windows\system32\svchost.exe[1168] WS2_32.dll!socket 772A36D1 5 Bytes JMP 01100000
.text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 007D000A
.text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 007D0FE5
.text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 007D001B
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00140F48
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 0014008E
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 001400C4
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00140F2D
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00140058
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 0014001B
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 0014007D
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00140F8A
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00140047
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00140FA5
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 0014002C
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00140F63
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 001400DF
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00140FDE
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 001400A9
.text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 007E0058
.text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!system 76FC804B 5 Bytes JMP 007E003D
.text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 007E0018
.text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_open 76FCD106 5 Bytes JMP 007E0FEF
.text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 007E0FCD
.text C:\Windows\system32\svchost.exe[1300] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 007E0FDE
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00230F86
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00230F97
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 0023001E
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00230043
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00230FC3
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00230FD4
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00230FB2
.text C:\Windows\system32\svchost.exe[1300] WS2_32.dll!socket 772A36D1 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00DD0FB9
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00DD0FD4
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00CF0080
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00CF0F3A
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00CF0EE9
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00CF0EFA
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00CF0F70
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00CF0FCA
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00CF0FB9
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00CF0F4B
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00CF004A
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00CF0F8D
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00CF0039
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00CF0F9E
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00CF005B
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00CF009B
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00CF0000
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00CF0FE5
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00CF0F15
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00DF0051
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!system 76FC804B 5 Bytes JMP 00DF0FBC
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00DF0022
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00DF0000
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00DF0FCD
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00DF0011
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00DC0F97
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00DC0039
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00DC0FEF
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00DC0FB2
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00DC0054
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00DC0FD4
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00DC000A
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00DC0FC3
.text C:\Windows\system32\svchost.exe[1484] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00E10FEF
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenA 76EAD690 5 Bytes JMP 00DE0000
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenW 76EADB09 5 Bytes JMP 00DE0FE5
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenUrlA 76EAF3A4 5 Bytes JMP 00DE0FCA
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenUrlW 76EF6D77 5 Bytes JMP 00DE0FAF
.text C:\Windows\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00A0000A
.text C:\Windows\system32\svchost.exe[1636] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00A00FD4
.text C:\Windows\system32\svchost.exe[1636] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00A00FEF
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 001700D3
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 001700B8
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00170109
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 001700EE
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00170F94
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00170FCA
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 0017001B
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 0017006E
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00170036
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00170051
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00170FAF
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00170089
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00170124
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00170F72
.text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00A30FA1
.text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!system 76FC804B 5 Bytes JMP 00A3002C
.text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00A30000
.text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00A30FEF
.text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00A30011
.text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00A30FC6
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 009F0FA8
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 009F0FC3
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 009F004A
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 009F006F
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 009F002F
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 009F0014
.text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 009F0FD4
.text C:\Windows\system32\svchost.exe[1636] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00A40000
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00440000
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00440FDB
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00440011
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00410F54
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 0041009A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00410F1E
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 004100B5
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00410F8A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 0041001B
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 0041002C
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00410F6F
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00410F9B
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 0041003D
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 0041004E
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00410FC0
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 0041007F
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00410F03
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 0041000A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00410FEF
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00410F39
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 0045001B
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!system 76FC804B 5 Bytes JMP 00450F90
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00450FC6
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00450FE3
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00450FAB
.text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00450000
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00420025
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00420014
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00420FEF
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00420F83
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00420F68
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00420FB9
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00420FD4
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00420FA8
.text C:\Windows\system32\svchost.exe[1908] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00460000
.text C:\Windows\system32\svchost.exe[2060] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[2060] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[2060] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00010F6D
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 000100A9
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 000100F3
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 0001007D
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00010F88
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00010F37
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 000100C4
.text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 000A0FD4
.text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!system 76FC804B 5 Bytes JMP 000A005F
.text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 000A0033
.text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_open 76FCD106 5 Bytes JMP 000A0000
.text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 000A004E
.text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 000B0FA1
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 000B0FC3
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 000B000A
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 000B0FB2
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 000B005E
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 000B0025
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 000B0FDE
.text C:\Windows\system32\svchost.exe[2060] WS2_32.dll!socket 772A36D1 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[2072] ntdll.dll!NtCreateFile 771D4224 3 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[2072] ntdll.dll!NtCreateFile + 4 771D4228 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2072] ntdll.dll!NtCreateProcess 771D42E4 3 Bytes JMP 001E0FCD
.text C:\Windows\system32\svchost.exe[2072] ntdll.dll!NtCreateProcess + 4 771D42E8 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2072] ntdll.dll!NtProtectVirtualMemory 771D4B84 3 Bytes JMP 001E0FDE
.text C:\Windows\system32\svchost.exe[2072] ntdll.dll!NtProtectVirtualMemory + 4 771D4B88 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 000700C9
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00070106
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00070F6F
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00070FC3
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00070FDE
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00070091
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00070065
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00070080
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 0007004A
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 000700B8
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00070F5E
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[2072] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 000700F5
.text C:\Windows\system32\svchost.exe[2072] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00740FB7
.text C:\Windows\system32\svchost.exe[2072] msvcrt.dll!system 76FC804B 5 Bytes JMP 00740042
.text C:\Windows\system32\svchost.exe[2072] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00740FE3
.text C:\Windows\system32\svchost.exe[2072] msvcrt.dll!_open 76FCD106 5 Bytes JMP 0074000C
.text C:\Windows\system32\svchost.exe[2072] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00740FC8
.text C:\Windows\system32\svchost.exe[2072] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 0074001D
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00120FB6
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00120FD1
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00120000
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00120058
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00120F9B
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00120036
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00120011
.text C:\Windows\system32\svchost.exe[2072] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00120047
.text C:\Windows\system32\svchost.exe[2072] WS2_32.dll!socket 772A36D1 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[2184] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[2184] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 0087001B
.text C:\Windows\system32\svchost.exe[2184] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 0087000A
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00850F4A
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00850F5B
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00850F2F
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 008500C6
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 0085007F
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00850FDB
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 00850F80
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 0085006E
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00850047
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00850FA5
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00850090
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 008500D7
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 0085001B
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[2184] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 008500B5
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_wsystem 76FC7F2F 3 Bytes JMP 00880FA6
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_wsystem + 4 76FC7F33 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!system 76FC804B 3 Bytes JMP 00880FB7
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!system + 4 76FC804F 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_creat 76FCBBE1 3 Bytes JMP 00880FD2
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_creat + 4 76FCBBE5 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00880000
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_wcreat 76FCD326 3 Bytes JMP 00880027
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_wcreat + 4 76FCD32A 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2184] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00880FE3
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00860058
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00860FB6
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00860000
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 0086003D
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00860F9B
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 0086002C
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00860011
.text C:\Windows\system32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00860FD1
.text C:\Windows\system32\svchost.exe[2184] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00E80000
.text C:\Windows\System32\svchost.exe[2296] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[2296] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00070FD4
.text C:\Windows\System32\svchost.exe[2296] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 0005009B
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 0005008A
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 000500D8
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 000500C7
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00050039
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00050FB9
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 0005006F
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00050F55
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00050F83
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00050F72
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00050F9E
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 0005004A
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 000500E9
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2296] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 000500B6
.text C:\Windows\System32\svchost.exe[2296] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00080040
.text C:\Windows\System32\svchost.exe[2296] msvcrt.dll!system 76FC804B 5 Bytes JMP 00080FAB
.text C:\Windows\System32\svchost.exe[2296] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00080FD7
.text C:\Windows\System32\svchost.exe[2296] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[2296] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00080FC6
.text C:\Windows\System32\svchost.exe[2296] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00080011
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00060087
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00060076
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00060098
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[2296] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 0006005B
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2636] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 6DD39AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2636] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 6DD39A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3856] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00040000
.text C:\Windows\Explorer.EXE[3856] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00040FD1
.text C:\Windows\Explorer.EXE[3856] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00040011
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00010F37
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00010F52
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00010EF0
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00010F01
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00010F74
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 0001007D
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00010058
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00010036
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00010047
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00010F63
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00010ED5
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[3856] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00010F12
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00060054
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00060FA8
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00060FEF
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 0006002F
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 0006006F
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00060FD4
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 0006000A
.text C:\Windows\Explorer.EXE[3856] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00060FB9
.text C:\Windows\Explorer.EXE[3856] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00070FD2
.text C:\Windows\Explorer.EXE[3856] msvcrt.dll!system 76FC804B 5 Bytes JMP 00070053
.text C:\Windows\Explorer.EXE[3856] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00070FE3
.text C:\Windows\Explorer.EXE[3856] msvcrt.dll!_open 76FCD106 5 Bytes JMP 0007000C
.text C:\Windows\Explorer.EXE[3856] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00070038
.text C:\Windows\Explorer.EXE[3856] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 0007001D
.text C:\Windows\Explorer.EXE[3856] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00910FEF
.text C:\Windows\Explorer.EXE[3856] WININET.dll!InternetOpenA 76EAD690 5 Bytes JMP 04120FEF
.text C:\Windows\Explorer.EXE[3856] WININET.dll!InternetOpenW 76EADB09 5 Bytes JMP 0412000A
.text C:\Windows\Explorer.EXE[3856] WININET.dll!InternetOpenUrlA 76EAF3A4 5 Bytes JMP 04120FD4
.text C:\Windows\Explorer.EXE[3856] WININET.dll!InternetOpenUrlW 76EF6D77 5 Bytes JMP 0412001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00040000
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00040FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00040FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 000100B5
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00010F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 000100EB
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 000100D0
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 00010075
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 0001001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00010036
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 0001009A
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00010F9B
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00010058
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00010FAC
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00010047
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00010F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00010110
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00010FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00010F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00150043
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00150028
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00150FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 0015005E
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00150FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00150FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00150FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!CreateWindowExW 76B91305 5 Bytes JMP 68CADB6C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxParamW 76BB10B0 5 Bytes JMP 68BD5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamW 76BB2EF5 5 Bytes JMP 68DA502F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxParamA 76BC8152 5 Bytes JMP 68DA4FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamA 76BC847D 5 Bytes JMP 68DA5092 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxIndirectA 76BDD4D9 5 Bytes JMP 68DA4F61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxIndirectW 76BDD5D3 5 Bytes JMP 68DA4EF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxExA 76BDD639 5 Bytes JMP 68DA4E94 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxExW 76BDD65D 5 Bytes JMP 68DA4E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00160025
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] msvcrt.dll!system 76FC804B 5 Bytes JMP 00160F9A
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00160FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00160FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00160FB5
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00160000
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] WININET.dll!InternetOpenA 76EAD690 5 Bytes JMP 002D0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] WININET.dll!InternetOpenW 76EADB09 5 Bytes JMP 002D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] WININET.dll!InternetOpenUrlA 76EAF3A4 5 Bytes JMP 002D0FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] WININET.dll!InternetOpenUrlW 76EF6D77 5 Bytes JMP 002D001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ws2_32.dll!socket 772A36D1 5 Bytes JMP 011F0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00040000
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00040025
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00040FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00010F76
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00010F87
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 000100E8
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00010F51
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 000100A1
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00010011
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 0001002C
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 000100B2
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 0001007A
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00010058
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 00010069
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00010047
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 00010FAC
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00010F36
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 00010FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 000100D7
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00050076
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00050051
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00050FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00050FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 00050087
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00050025
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00050014
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00050040
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!CreateDialogParamW 76B872A2 5 Bytes JMP 68CADEF8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!GetAsyncKeyState 76B8863C 5 Bytes JMP 68BC8F37 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!SetWindowsHookExW 76B887AD 5 Bytes JMP 68CA9B15 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!CallNextHookEx 76B88E3B 5 Bytes JMP 68C9D16D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!UnhookWindowsHookEx 76B898DB 5 Bytes JMP 68C14666 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!EnableWindow 76B8CD8B 5 Bytes JMP 68CADD85 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!CreateWindowExW 76B91305 5 Bytes JMP 68CADB6C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!GetKeyState 76B98CB1 5 Bytes JMP 68CAD333 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!IsDialogMessageW 76BA0745 5 Bytes JMP 68BD5A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!CreateDialogParamA 76BA17AA 5 Bytes JMP 68DA5CB4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!IsDialogMessage 76BA1847 5 Bytes JMP 68DA5550 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!CreateDialogIndirectParamA 76BA26F1 5 Bytes JMP 68DA5CEB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!CreateDialogIndirectParamW 76BA9A62 5 Bytes JMP 68DA5D22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!SetKeyboardState 76BB0987 5 Bytes JMP 68DA58BF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!DialogBoxParamW 76BB10B0 5 Bytes JMP 68BD5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!DialogBoxIndirectParamW 76BB2EF5 5 Bytes JMP 68DA502F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!SendInput 76BB2F75 5 Bytes JMP 68DA647B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!EndDialog 76BB326E 5 Bytes JMP 68BD7EBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!SetCursorPos 76BC6FB2 5 Bytes JMP 68DA64CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!DialogBoxParamA 76BC8152 5 Bytes JMP 68DA4FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!DialogBoxIndirectParamA 76BC847D 5 Bytes JMP 68DA5092 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!MessageBoxIndirectA 76BDD4D9 5 Bytes JMP 68DA4F61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!MessageBoxIndirectW 76BDD5D3 5 Bytes JMP 68DA4EF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!MessageBoxExA 76BDD639 5 Bytes JMP 68DA4E94 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!MessageBoxExW 76BDD65D 5 Bytes JMP 68DA4E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] USER32.dll!keybd_event 76BDD972 5 Bytes JMP 68DA67FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 0006003D
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] msvcrt.dll!system 76FC804B 5 Bytes JMP 00060FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 00060011
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00060FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00060022
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00060000
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] SHELL32.dll!SHRestricted + D95 760E89A8 4 Bytes [4D, 30, 6C, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] SHELL32.dll!SHRestricted + D9D 760E89B0 8 Bytes [57, 2F, 6C, 73, 9C, 5B, 6B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ole32.dll!OleLoadFromStream 75A61E80 5 Bytes JMP 68DA53B0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ole32.dll!CoCreateInstance 75A99F3E 5 Bytes JMP 68CADBC8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] WININET.dll!InternetOpenA 76EAD690 5 Bytes JMP 00FD0000
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] WININET.dll!InternetOpenW 76EADB09 5 Bytes JMP 00FD0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] WININET.dll!InternetOpenUrlA 76EAF3A4 5 Bytes JMP 00FD0025
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] WININET.dll!InternetOpenUrlW 76EF6D77 5 Bytes JMP 00FD0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ws2_32.dll!closesocket 772A330C 5 Bytes JMP 6C9C41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ws2_32.dll!recv 772A343A 5 Bytes JMP 6C9C4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ws2_32.dll!socket 772A36D1 5 Bytes JMP 6C9C354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ws2_32.dll!connect 772A40D9 5 Bytes JMP 6C9C35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ws2_32.dll!getaddrinfo 772A418A 5 Bytes JMP 6C9C3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5088] ws2_32.dll!send 772A659B 5 Bytes JMP 6C9C3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[5264] ntdll.dll!NtCreateFile 771D4224 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[5264] ntdll.dll!NtCreateProcess 771D42E4 5 Bytes JMP 00040FDE
.text C:\Windows\system32\svchost.exe[5264] ntdll.dll!NtProtectVirtualMemory 771D4B84 5 Bytes JMP 00040014
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 000100F8
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 000100E7
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreateProcessW 75D21BF3 5 Bytes JMP 00010F75
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreateProcessA 75D21C28 5 Bytes JMP 00010F90
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!VirtualProtect 75D21DC3 5 Bytes JMP 0001008C
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreateNamedPipeA 75D22EF5 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreateNamedPipeW 75D25C0C 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreatePipe 75D48E6E 5 Bytes JMP 000100C2
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!LoadLibraryExW 75D49109 5 Bytes JMP 00010FB2
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!LoadLibraryW 75D49362 5 Bytes JMP 00010FCD
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!LoadLibraryExA 75D494B4 5 Bytes JMP 0001006F
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!LoadLibraryA 75D494DC 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!VirtualProtectEx 75D4DBDA 5 Bytes JMP 000100A7
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!GetProcAddress 75D6903B 5 Bytes JMP 00010F5A
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreateFileW 75D6AECB 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!CreateFileA 75D6CE5F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[5264] kernel32.dll!WinExec 75DB5CF7 5 Bytes JMP 00010FA1
.text C:\Windows\system32\svchost.exe[5264] msvcrt.dll!_wsystem 76FC7F2F 5 Bytes JMP 00060F8B
.text C:\Windows\system32\svchost.exe[5264] msvcrt.dll!system 76FC804B 5 Bytes JMP 00060FA6
.text C:\Windows\system32\svchost.exe[5264] msvcrt.dll!_creat 76FCBBE1 5 Bytes JMP 0006000C
.text C:\Windows\system32\svchost.exe[5264] msvcrt.dll!_open 76FCD106 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[5264] msvcrt.dll!_wcreat 76FCD326 5 Bytes JMP 00060FB7
.text C:\Windows\system32\svchost.exe[5264] msvcrt.dll!_wopen 76FCD501 5 Bytes JMP 00060FDE
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegCreateKeyExA 770439AB 5 Bytes JMP 00070051
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegCreateKeyA 77043BA9 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegOpenKeyA 770489C7 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegCreateKeyW 7705391E 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegCreateKeyExW 770541F1 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegOpenKeyExA 77057C42 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegOpenKeyW 7705E2B5 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[5264] ADVAPI32.dll!RegOpenKeyExW 77067BA1 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[5264] WS2_32.dll!socket 772A36D1 5 Bytes JMP 00130000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp NEOFLTR_650_15215.SYS
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp NEOFLTR_650_15215.SYS
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-12.02) - NTFSx86
Run by melanie at 17:59:21.82 on Fri 02/25/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2013.1004 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Users\melanie\Desktop\Defogger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\melanie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101107205011.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ITPIPSetup] "E:\setupstb.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: care360.com
Trusted Zone: care360.com\portal
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: questdiagnostics.com
Trusted Zone: questdiagnostics.com\www
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://72.245.200.205:100/RemoteWeb.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://72.245.200.205:100/VideoViewer.ocx
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/iobiprofessional/unprotected/voicemail/IOBIVMUtil.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.tjuh.org/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\melanie\appdata\roaming\mozilla\firefox\profiles\g3g3pod8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-10 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-10 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-10 164840]
R1 NEOFLTR_650_15215;Juniper Networks TDI Filter Driver (NEOFLTR_650_15215);c:\windows\system32\drivers\NEOFLTR_650_15215.SYS [2010-7-2 85360]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-23 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-10 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-10 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-10 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-10 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-10 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-14 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-10 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-10 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-10 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-10 313288]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-10 84264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-25 22:18:15 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-25 21:08:37 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 21:06:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-25 21:06:34 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-25 20:57:27 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ee426090-efb1-4990-a2eb-05d9c69e11b5}\mpengine.dll
2011-02-18 22:11:52 -------- d-----w- c:\progra~2\MemeoCommon
2011-02-18 22:09:31 -------- d-----w- c:\users\melanie\appdata\roaming\Memeo
2011-02-18 22:08:41 -------- d-----w- c:\users\melanie\appdata\roaming\Seagate
2011-02-18 22:05:38 -------- d-----w- c:\program files\Memeo
2011-02-12 00:40:58 -------- d-----w- c:\program files\McAfee(105).com
2011-02-12 00:19:37 -------- d-----w- c:\windows\system32\appmgmt
2011-02-05 21:34:31 -------- d-----w- c:\program files\iPod(103)
2011-02-05 21:34:28 -------- d-----w- c:\program files\iTunes(104)
2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 18:00:34.88 ===============

At the advice of my consultant I ran combofix.exe and the log is attached:
ComboFix 11-02-25.01 - melanie 02/26/2011 9:17.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2013.968 [GMT -5:00]
Running from: c:\users\melanie\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\melanie\Desktop\Search.lnk
c:\users\melanie\GoToAssistDownloadHelper.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.

2011-02-26 14:31 . 2011-02-26 14:34 -------- d-----w- c:\users\melanie\AppData\Local\temp
2011-02-26 14:31 . 2011-02-26 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 14:31 . 2011-02-26 14:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-25 22:18 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-25 21:08 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 21:06 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-25 21:06 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-25 20:57 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE426090-EFB1-4990-A2EB-05D9C69E11B5}\mpengine.dll
2011-02-18 22:11 . 2011-02-18 22:11 -------- d-----w- c:\programdata\MemeoCommon
2011-02-18 22:09 . 2011-02-19 16:56 -------- d-----w- c:\users\melanie\AppData\Roaming\Memeo
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- c:\users\melanie\AppData\Roaming\Seagate
2011-02-18 22:05 . 2011-02-18 22:08 -------- d-----w- c:\program files\Memeo
2011-02-18 21:43 . 2011-02-18 21:43 -------- d-----w- c:\users\melanie\AppData\Roaming\Leadertech
2011-02-12 00:40 . 2011-02-12 00:40 -------- d-----w- c:\program files\McAfee(105).com
2011-02-05 21:34 . 2011-02-19 21:13 -------- d-----w- c:\program files\iPod(103)
2011-02-05 21:34 . 2011-02-05 21:35 -------- d-----w- c:\program files\iTunes(104)
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 22:11 . 2010-12-25 14:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-15 18:15 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-14 21:31 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-10-14 03:28 . 2010-09-10 20:23 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2007-09-06 99608]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"Aim"="c:\program files\AIM\aim.exe" [2010-05-21 3824472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-17 2065648]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-10 1097728]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
S1 NEOFLTR_650_15215;Juniper Networks TDI Filter Driver (NEOFLTR_650_15215);c:\windows\system32\Drivers\NEOFLTR_650_15215.SYS [2010-02-10 85360]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 141792]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXRDIFOW
*Deregistered* - mfeavfk01
*Deregistered* - pxrdifow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-26 c:\windows\Tasks\User_Feed_Synchronization-{507D0ED8-F52A-4C56-8288-8ADAA9A9B666}.job
- c:\windows\system32\msfeedssync.exe [2011-02-25 04:47]

2011-02-25 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-02-25 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: care360.com
Trusted Zone: care360.com\portal
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: questdiagnostics.com
Trusted Zone: questdiagnostics.com\www
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://72.245.200.205:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://72.245.200.205:100/VideoViewer.ocx
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/iobiprofessional/unprotected/voicemail/IOBIVMUtil.CAB
FF - ProfilePath - c:\users\melanie\AppData\Roaming\Mozilla\Firefox\Profiles\g3g3pod8.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ITPIPSetup - E:\setupstb.exe
Notify-GoToAssist - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-26 09:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\users\melanie\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2011-02-26 09:45:17
ComboFix-quarantined-files.txt 2011-02-26 14:45

Pre-Run: 78,659,416,064 bytes free
Post-Run: 79,423,410,176 bytes free

- - End Of File - - FA79950CADB71DDAE6303F4ACAD22219

Attached Files

  • Attached File  ark.txt   113.3KB   0 downloads
  • Attached File  DDS.txt   17.73KB   0 downloads

Edited by picturejewel, 26 February 2011 - 11:15 AM.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:53 AM

Posted 04 March 2011 - 08:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 picturejewel

Posted 04 March 2011 - 09:27 PM

Thank you for your help. I did run ComboFix at the advice of my computer consultant and have posted those results after my original post.

#4 m0le

Posted 04 March 2011 - 09:49 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 picturejewel

Posted 05 March 2011 - 08:31 AM

No infection found. I think the Combofix.exe cleared some registry problems but am wondering if something is in bios file because the registry on start up listed an invalid file extension
HKEY_CURRENT_USER\Software\microsoft\windows\current\version\explorer\fileexts\DDECache
The registry cleaner has "repaired" this multiple times but it always recurs.

#6 picturejewel

Posted 06 March 2011 - 09:42 AM

My ongoing concern is that despite changing passwords multiple times my msn.com email account is still being accessed by someone. What other functions have been breached in my computer, even now when the registry appears to be normal and malware is not detected? Is there anything else I should be doing? I do access the internet from 3 different computers but the password for the msn account can only be changed from one of those which now appears clean. The other computers are a MAC and one at my employer. I am grateful for all of your attention and help to date.

#7 picturejewel

Posted 06 March 2011 - 09:47 AM

forgot to post the report from your program

Attached Files



#8 m0le

Posted 06 March 2011 - 02:06 PM

I think you just got hit with an email virus. All email providers are apparently at risk. If you are a Gmail customer you can log in and read their preventative methods. Thread here, link to Gmail here

I haven't been able to find anything that says that anything is installed or downloaded onto your system. It's just a typical random account takeover.

If you want to test this then you can use Sitemeter. This article shows you how to do a basic email test.

#9 m0le

Posted 08 March 2011 - 08:02 PM

Have you given that a try?

#10 picturejewel

Posted 08 March 2011 - 08:52 PM

I did try that and as of yesterday no hits, but today MSN locked my email account. Do you know if the programs we ran check for infections within the boot file? I read that some infections target that area and hide there and continue to alter the registry files.

#11 m0le

Posted 09 March 2011 - 11:28 AM

TDSSKiller searches the boot file. So does MBRCheck so let's try it - I have to say that the boot file isn't likely to be the cause here though.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#12 picturejewel

Posted 11 March 2011 - 05:34 PM

I have attached the registry problems that keep recurring even after repairing, and the log from the MBRCheck.

  • Attached File  MBRCheck_03.11.11_17.28.53.txt   12.4KB   1 downloads
  • Attached File  registry problems.html   6.59KB   4 downloads

#13 m0le

Posted 11 March 2011 - 07:14 PM

The MBR was fine as I thought. The registry information you provided is interesting though.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\.bak 
    HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\.uccapilog 
    HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\DDECache
    HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\OpenWithList 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 picturejewel

Posted 11 March 2011 - 08:13 PM

attached file

  • Attached File  SystemLook.txt   1.1KB   1 downloads

#15 m0le

Posted 11 March 2011 - 08:25 PM

Okay, registry changing now so we must back up the current registry so we can restore it if there's a problem.

1/ Click Start

2/ From the menu click Run

3/ In the Run dialog box type: regedit

4/ The Windows registry Editor will now open

5/ Click the File option on the main toolbar and, from the drop down menu, select Export

6/ In the Export Registry File dialog box select All

7/ Now name the file

8/ Finally click the Save button

9/ To return the registry back to its original state should something go wrong simply click on the File option on the main registry editor toolbar and then select Import


Now run OTL with this script

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:reg
[HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\.bak] 
@=""
[HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\.uccapilog] 
@=""
[HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\DDECache]
@=""
[HKEY_CURRENT_USER\Software\microsoft\windows\currentVersion\explorer\fileexts\OpenWithList] 
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE
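
The backup-before-fix step from post #15, as an added example that is not part of the original thread: a PowerShell function that exports only the keys the OTL script touches and reports their current contents without changing anything. The function name, backup folder and report columns are hypothetical; the registry paths are the ones quoted in the posts above, and `"%1" %*` is the Windows default open command for `.exe` files.

```powershell
# Added example (not from the thread). Function name, backup folder and report
# columns are hypothetical; the registry paths are those quoted in post #15.
function Backup-AndAuditThreadKeys {
    param(
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop\RegBackup')
    )

    $fileExts = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
    $subKeys  = '.bak', '.uccapilog', 'DDECache', 'OpenWithList'
    $expected = '"%1" %*'    # Windows default open command for .exe files

    if (-not (Test-Path -LiteralPath $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    $stamp = Get-Date -Format 'yyyyMMdd_HHmmss'

    # 1. Targeted backups with reg.exe, so a bad fix can be undone by
    #    double-clicking one small .reg file instead of a full-hive import.
    $exports = @(
        @{ Key  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
           File = "FileExts_$stamp.reg" },
        @{ Key  = 'HKLM\SOFTWARE\Classes\exefile\shell\open\command'
           File = "exefile_$stamp.reg" }
    )
    foreach ($e in $exports) {
        $target = Join-Path $BackupDir $e.File
        & reg.exe export $e.Key $target /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "reg export failed for $($e.Key); do not apply the fix yet."
        }
    }

    # 2. Read-only look at the four FileExts entries the registry cleaner keeps flagging.
    foreach ($sub in $subKeys) {
        $path = "$fileExts\$sub"
        $row  = @{ Key = "FileExts\$sub"; Exists = $false; Default = $null
                   Values = 0; SubKeys = 0; Note = '' }
        if (Test-Path -LiteralPath $path) {
            $key         = Get-Item -LiteralPath $path
            $row.Exists  = $true
            $row.Default = $key.GetValue('')
            $row.Values  = $key.ValueCount
            $row.SubKeys = $key.SubKeyCount
        } else {
            $row.Note = 'key not present'
        }
        New-Object PSObject -Property $row
    }

    # 3. The exefile handler: check the machine-wide key and the merged
    #    HKEY_CLASSES_ROOT view (which also reflects per-user overrides).
    foreach ($view in 'HKLM:\SOFTWARE\Classes', 'Registry::HKEY_CLASSES_ROOT') {
        $path = "$view\exefile\shell\open\command"
        $row  = @{ Key = $path; Exists = $false; Default = $null
                   Values = 0; SubKeys = 0; Note = 'key not present' }
        if (Test-Path -LiteralPath $path) {
            $key         = Get-Item -LiteralPath $path
            $row.Exists  = $true
            $row.Default = $key.GetValue('')
            $row.Values  = $key.ValueCount
            $row.SubKeys = $key.SubKeyCount
            if ($row.Default -eq $expected) {
                $row.Note = 'matches Windows default'
            } else {
                $row.Note = 'DIFFERS from "%1" %*; review before running any fix'
            }
        }
        New-Object PSObject -Property $row
    }
}

# Run the audit and show one row per key.
Backup-AndAuditThreadKeys |
    Format-Table Key, Exists, Default, Values, SubKeys, Note -AutoSize
```

Running it before and after the OTL fix, and again after the next reboot, shows whether the flagged FileExts entries are being recreated.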



