BleepingComputer.com forums
keeps redirecting, can't open most programs


  • This topic is locked
2 replies to this topic

#1 roxyrjo

  • Members
  • 2 posts

Posted 08 May 2011 - 10:57 PM

Attached files: DDS.txt (18.8KB, 3 downloads), Attach.txt (21.29KB, 0 downloads), ark.txt (94.46KB, 1 download)

First I somehow got that "Windows Security Antivirus, your system's been hijacked" virus. I ran the iexplorer rkill, then Malwarebytes, and I thought everything was good, but I couldn't put McAfee back on. For some reason it would say "incomplete, couldn't download any of the program, try again or try McAfee Virtual Assistant", but when I did that it said no McAfee programs were installed to look at. Then I couldn't open any programs; it would say "open with", but nothing I picked would open anything. If I tried to get on the internet I couldn't, unless I went through something like a game manager or some roundabout way, but if I do get on, it keeps redirecting me to random sites. Then my cursor started acting all wild too, and the internet started coming up with some "My Start" homepage, and when I tried to go to Add/Remove Programs it said something like "couldn't find Win32 application" (maybe not exactly that, but something like that).
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 0:15:39.33 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.63 [GMT -5:00]
.
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q5XIHP1U\Defogger[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q5XIHP1U\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6528
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f84531ac0000000000000016171cfd5a&tlver=1.4.19.19&ss=1&affID=17396
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110508031201.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: profilesong Toolbar: {981e53ba-6df4-4d99-8c33-6c398f5c139e} - c:\program files\profilesong\tbprof.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Morphster: {a5261eca-0e9b-48c8-9567-2673ee57b299} - c:\program files\morphster\gametheorytemplateX.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: profilesong Toolbar: {981e53ba-6df4-4d99-8c33-6c398f5c139e} - c:\program files\profilesong\tbprof.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
TB: Morphster: {a5261eca-0e9b-48c8-9567-2673ee57b299} - c:\program files\morphster\gametheorytemplateX.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_7
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TorrentEasy_29362f8e3a4f62b9bc216d9dd3be7cd6e95df01a] "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1bllevkg\TorrentEasy-the-twilight-zone-complete-156-episodes-xvid-by-lthown[1].exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CHotkey] zHotkey.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [OurTech Agent Service Helper] c:\program files\kaseya\agent\KaUsrTsk.exe
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
dRun: [Power2GoExpress] NA
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145552419062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 459728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-4 54760]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-12 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-12 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-12 148520]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2011-4-18 268768]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-4-18 1723840]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-4-18 57440]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-12 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-12 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-12 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-12 88544]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-10-13 14336]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-12 55840]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2011-4-18 360529]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-12 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-12 84264]
.
=============== Created Last 30 ================
.
2011-05-09 02:06:32 -------- dc----w- c:\docume~1\owner\applic~1\morphster
2011-05-09 01:30:22 -------- dc----w- c:\docume~1\owner\applic~1\gametheorytemplate
2011-05-06 23:36:32 1409 ----a-w- c:\windows\QTFont.for
2011-05-06 23:34:56 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-05-06 07:18:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-06 07:18:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-04 04:48:36 -------- dc----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-05-04 04:48:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 04:48:28 -------- dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-04 04:48:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 04:48:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 17:22:18 -------- dc----w- c:\docume~1\owner\applic~1\Funswitch
2011-04-28 01:23:52 -------- dc----w- c:\docume~1\owner\applic~1\Artogon
2011-04-27 05:37:24 460 ----a-w- c:\program files\042720110372396.bat
2011-04-26 19:48:25 -------- dc----w- c:\docume~1\alluse~1\applic~1\LittleGamesCompany
2011-04-26 19:48:24 -------- dc----w- c:\docume~1\owner\applic~1\LittleGamesCompany
2011-04-24 21:58:16 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Help
2011-04-24 13:49:17 -------- dc----w- c:\docume~1\alluse~1\applic~1\TorrentEasy
2011-04-23 05:19:17 -------- d-----w- c:\program files\Search Toolbar
2011-04-23 05:19:15 819200 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-23 05:19:15 77824 ----a-w- c:\windows\system32\xvid.ax
2011-04-23 05:19:15 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-23 05:19:15 -------- d-----w- c:\program files\Xvid
2011-04-22 19:44:40 -------- d-----w- c:\program files\BitTorrent
2011-04-22 19:43:41 -------- dc----w- c:\docume~1\owner\applic~1\BitTorrent
2011-04-21 05:53:40 -------- dc----w- c:\docume~1\owner\applic~1\IBAGroup
2011-04-20 20:59:33 -------- dc----w- c:\docume~1\owner\applic~1\Playrix Entertainment
2011-04-19 21:06:10 -------- dc----w- c:\docume~1\owner\applic~1\Lazy Turtle Games
2011-04-18 20:10:56 -------- dc-h--r- c:\docume~1\alluse~1\applic~1\Atheros
2011-04-18 20:08:48 -------- dc----w- C:\temp
.
==================== Find3M ====================
.
2011-03-16 09:08:09 0 ----a-w- c:\windows\system32\39.tmp
2011-03-15 13:08:09 0 ----a-w- c:\windows\system32\21.tmp
2011-03-14 08:11:41 0 -c-ha-w- c:\documents and settings\owner\zwrlmxzyfw.tmp
2011-03-14 08:03:09 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-13 16:45:14 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-06 23:56:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-06 23:56:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-04 08:48:12 96608 ----a-w- c:\program files\SilverlightWithDefaults.exe
2011-02-20 12:34:57 41497800 ----a-w- c:\program files\yahoo-Ricochet_Infinity-setup.exe
2010-10-12 00:50:52 8018447 ----a-w- c:\program files\Frostwire 4.21.1.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BB-00GUC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x856AC730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x856b2a10]; MOV EAX, [0x856b2a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE136] -> \Device\Harddisk0\DR0[0x85755AB8]
3 CLASSPNP[0xF762D05B] -> ntkrnlpa!IofCallDriver[0x804EE136] -> \Device\00000091[0x856EAF18]
5 ACPI[0xF7433620] -> ntkrnlpa!IofCallDriver[0x804EE136] -> [0x85752940]
\Driver\atapi[0x85737830] -> IRP_MJ_CREATE -> 0x856AC730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x856AC57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:19:20.95 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2006 12:17:11 PM
System Uptime: 5/8/2011 11:37:37 PM (1 hours ago)
.
Motherboard: To be filled by O.E.M. | | MS-7207G
Processor: AMD Athlon™ 64 Processor 3500+ | CPU 1 | 2210/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 107.597 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.71 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 5/1/2011 4:21:44 AM - System Checkpoint
RP2: 5/1/2011 4:54:02 PM - Restore Operation
RP3: 5/4/2011 6:21:14 AM - System Checkpoint
RP4: 5/4/2011 10:52:41 PM - Installed Compatibility Pack for the 2007 Office system
RP5: 5/6/2011 2:17:02 AM - Restore Operation
.
==== Installed Programs ======================
.
Absolute Uninstaller 2.8.0.636
Acrobat.com
Adobe Acrobat 8 Standard
Adobe Acrobat 4.0
Adobe Acrobat 8.1.0 Standard
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Ask Toolbar
Bejeweled Twist 1.0
Big Fish Games: Game Manager
BitTorrent
blinkx beat
Boggle
BookWorm Deluxe 1.03
Cartoonly
Conduit Engine
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.6
Digital Media Reader
Disk SpeedUp 1.2.0.319
DVD Solution
Dynomite Deluxe 2.71
Eternity
Event Planner
FrostWire 4.21.5
Gardenscapes 1.00
Google Toolbar for Internet Explorer
Google Update Helper
Gravely Silent House of Deadlock Collectors Edition 1.00
Guardians of Magic Amandas Awakening 1.00
Hallmark Card Studio 3 Deluxe
Haunted Hotel 2 - Believe the Lies 1.00
Hidden Expedition ® - Devil's Triangle
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
hp deskjet 6122
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Legends Of The Lost 1.0
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 7.0
Midnight Mysteries 2 Salem Witch Trials 1.00
Millionaire Manor The Hidden Object Show 3 1.00
Morphster
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Multimedia Keyboard Driver
Mystery Case Files ®: Dire Grove
NETGEAR WNA1100 wireless USB 2.0 adapter
NVIDIA Drivers
Penguin Puzzle
Power2Go 4.0
PowerDVD
QODBC Driver
Quick Web Player
QuickBooks Product Listing Service
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Rocket Mania Deluxe 1.02
Search Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Shiver Vanishing Hitchhiker Collectors Edition 1.00
Soft Data Fax Modem with SmartCP
The Secret of Margrave Manor
TurboTax ItsDeductible 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
ViewSonic Monitor Drivers
Virtual Hypnotist 5.8
Voodoo Whisperer Curse of a Legend Collectors Edition 1.00
WebFldrs XP
Windows Backup Utility
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip 15.5
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/8/2011 3:40:23 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/8/2011 11:38:33 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/8/2011 1:59:49 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/6/2011 2:20:58 AM, error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 2:20:58 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/6/2011 2:20:58 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/6/2011 2:20:58 AM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
5/6/2011 2:20:58 AM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
5/6/2011 2:04:58 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/6/2011 2:04:38 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address E091F556863C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/6/2011 2:02:00 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2011 12:07:49 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 2 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
5/6/2011 11:29:25 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2011 11:29:25 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2011 1:41:30 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/6/2011 1:38:20 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD8-2166-11D1-B1D0-00805FC1270E}
5/6/2011 1:35:50 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126ADB-2166-11D1-B1D0-00805FC1270E}
5/5/2011 3:24:31 AM, error: Print [19] - Sharing printer failed + 1722, Printer HP Office share name HPOffice.
5/4/2011 9:51:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mfetdi2k mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
5/4/2011 9:51:16 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
5/4/2011 4:05:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfetdi2k
5/4/2011 10:47:52 PM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
5/3/2011 5:40:37 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.manifest. Reference error message: Error Message is unavailable .
5/3/2011 10:08:48 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 4 time(s).
5/3/2011 10:08:48 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 4 time(s).
5/3/2011 10:08:48 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 4 time(s).
5/3/2011 10:08:48 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 4 time(s).
5/3/2011 10:08:48 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 4 time(s).
5/3/2011 10:08:48 AM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 4 time(s).
.
==== End Of File ===========================

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-09 00:42:31
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600BB-00GUC0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdrpoc.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7327D70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7327D84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7327DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7327E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7327D5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7327D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7327D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7327D9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7327DDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7327DC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7327E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7327E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7327DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 805021FC 7 Bytes JMP F7327DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A70D8 7 Bytes JMP F7327E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A7EEE 5 Bytes JMP F7327E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B551A 5 Bytes JMP F7327DE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C0DD4 5 Bytes JMP F7327D38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1060 5 Bytes JMP F7327D4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8724 5 Bytes JMP F7327E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80618536 7 Bytes JMP F7327DCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061989C 7 Bytes JMP F7327D9E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80619E76 5 Bytes JMP F7327D74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A306 7 Bytes JMP F7327D88 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A4D6 7 Bytes JMP F7327DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B20C 5 Bytes JMP F7327D60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? oakd.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D83360, 0x1FE48D, 0xE8000020]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[364] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\services.exe[364] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\services.exe[364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01570FEF
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01570F66
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0157005B
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01570F81
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0157004A
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01570FA8
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01570F3A
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01570F4B
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01570EDF
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01570EFA
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01570ECE
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0157002F
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01570FDE
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01570076
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0157001E
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01570FCD
.text C:\WINDOWS\system32\services.exe[364] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01570F15
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01560036
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0156006C
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01560025
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01560014
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01560FAF
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01560FEF
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01560FC0
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [76, 89] {JBE 0xffffffffffffff8b}
.text C:\WINDOWS\system32\services.exe[364] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01560047
.text C:\WINDOWS\system32\services.exe[364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0042
.text C:\WINDOWS\system32\services.exe[364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\services.exe[364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0016
.text C:\WINDOWS\system32\services.exe[364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FC1
.text C:\WINDOWS\system32\services.exe[364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\services.exe[364] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\services.exe[364] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\services.exe[364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\services.exe[364] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CA0025
.text C:\WINDOWS\system32\services.exe[364] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\lsass.exe[376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\lsass.exe[376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C60036
.text C:\WINDOWS\system32\lsass.exe[376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C6001B
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01020F52
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01020051
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01020F83
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01020F94
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01020FC0
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0102007F
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01020F37
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0102009A
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01020F01
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 010200B5
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01020FA5
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01020011
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01020062
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01020FD1
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0102002C
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01020F12
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01010FC3
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01010F61
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01010FDE
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0101000A
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01010F7C
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01010F8D
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [21, 89]
.text C:\WINDOWS\system32\lsass.exe[376] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01010FA8
.text C:\WINDOWS\system32\lsass.exe[376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C90FA3
.text C:\WINDOWS\system32\lsass.exe[376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C9002E
.text C:\WINDOWS\system32\lsass.exe[376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C9000C
.text C:\WINDOWS\system32\lsass.exe[376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\lsass.exe[376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C9001D
.text C:\WINDOWS\system32\lsass.exe[376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\lsass.exe[376] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C7000A
.text C:\WINDOWS\system32\lsass.exe[376] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\system32\lsass.exe[376] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C70FD4
.text C:\WINDOWS\system32\lsass.exe[376] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00C7002F
.text C:\WINDOWS\system32\svchost.exe[536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A20011
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A70087
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A70F88
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A70FAF
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A70062
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A7003D
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A700C9
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A700A2
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A700F5
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A700E4
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A70106
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A70FC0
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A70F77
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A70022
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A70011
.text C:\WINDOWS\system32\svchost.exe[536] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A70F66
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A60047
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A60FA5
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A60036
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A6001B
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00A60FC0
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00A60FD1
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [C6, 88]
.text C:\WINDOWS\system32\svchost.exe[536] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00A60058
.text C:\WINDOWS\system32\svchost.exe[536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50FA4
.text C:\WINDOWS\system32\svchost.exe[536] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50FB5
.text C:\WINDOWS\system32\svchost.exe[536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A50FC6
.text C:\WINDOWS\system32\svchost.exe[536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50FE3
.text C:\WINDOWS\system32\svchost.exe[536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\svchost.exe[536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[536] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[536] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A30025
.text C:\WINDOWS\system32\svchost.exe[536] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[536] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A30FDB
.text C:\WINDOWS\system32\svchost.exe[536] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B70F79
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B70F94
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B7006C
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B7005B
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B700A9
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B70F57
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B700DF
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B70F46
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B70F2B
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B70036
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B70F68
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B70FCA
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B7001B
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B700C4
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B60FDE
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B60F86
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B60025
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B60FA1
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00B60FB2
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [D6, 88]
.text C:\WINDOWS\system32\svchost.exe[604] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B60FC3
.text C:\WINDOWS\system32\svchost.exe[604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\svchost.exe[604] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50F9A
.text C:\WINDOWS\system32\svchost.exe[604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B50FC6
.text C:\WINDOWS\system32\svchost.exe[604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B50FAB
.text C:\WINDOWS\system32\svchost.exe[604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[604] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[604] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B30011
.text C:\WINDOWS\system32\svchost.exe[604] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B30FDB
.text C:\WINDOWS\system32\svchost.exe[604] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00B30FCA
.text C:\WINDOWS\system32\svchost.exe[604] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\svchost.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008E002C
.text C:\WINDOWS\system32\svchost.exe[704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A600A1
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60090
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00390025
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00390FE5
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00390F83
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [59, 88]
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00390F94
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003A0078
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] msvcrt.dll!system 77C293C7 5 Bytes JMP 003A005D
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003A002E
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003A0000
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003A0FE3
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003A001D
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 003B0FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 003B0FD4
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 003B0FC3
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 003B0F9E
.text C:\Program Files\WinZip\WINZIP32.EXE[4152] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003D0000
.text C:\WINDOWS\explorer.exe[4484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\explorer.exe[4484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009000A
.text C:\WINDOWS\explorer.exe[4484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\explorer.exe[4484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\explorer.exe[4484] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0025
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0F94
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C000A
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002C0051
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002C0FAF
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [4C, 88]
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002C0036
.text C:\WINDOWS\explorer.exe[4484] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0FAD
.text C:\WINDOWS\explorer.exe[4484] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0FBE
.text C:\WINDOWS\explorer.exe[4484] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D002E
.text C:\WINDOWS\explorer.exe[4484] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[4484] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D0FD9
.text C:\WINDOWS\explorer.exe[4484] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0011
.text C:\WINDOWS\System32\svchost.exe[5132] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0009000A
.text C:\WINDOWS\System32\svchost.exe[5132] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FE5
.text C:\WINDOWS\System32\svchost.exe[5132] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\svchost.exe[5132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\System32\svchost.exe[5132] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BA000C
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002E0040
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002E0076
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002E0025
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002E0FEF
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002E005B
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002E0000
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002E0FB9
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [4E, 88]
.text C:\WINDOWS\System32\svchost.exe[5132] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002E0FD4
.text C:\WINDOWS\System32\svchost.exe[5132] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 01B8000A
.text C:\WINDOWS\System32\svchost.exe[5132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0043005F
.text C:\WINDOWS\System32\svchost.exe[5132] msvcrt.dll!system 77C293C7 5 Bytes JMP 00430FD4
.text C:\WINDOWS\System32\svchost.exe[5132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00430FEF
.text C:\WINDOWS\System32\svchost.exe[5132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00430000
.text C:\WINDOWS\System32\svchost.exe[5132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00430044
.text C:\WINDOWS\System32\svchost.exe[5132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00430029

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 856AC57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 856AC57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 856AC57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 856AC57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 856AC57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-12 856AC57B

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

EDIT: Topics merged ~Budapest

Edited by Budapest, 09 May 2011 - 04:31 PM.
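Reading the GMER "User code sections" hook list above by eye is slow, so here is an added triage helper (example code, not GMER's, not the posted log and not part of this thread) that parses lines of that shape from a constructed sample, separates JMP hooks GMER attributed to a loaded module (IEFRAME.dll, mcproxy.dll) from hooks whose target it could not map to any module, and groups the unmapped targets per process and 64 KiB region. The three buckets are this example's heuristic, not a GMER verdict: a module-backed hook still needs its vendor checked, and an unbacked one is only a lead for further analysis.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the GMER hook lines in the log above (the real
# log runs to hundreds of lines; these seven cover each line shape GMER uses).
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0039003A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2276] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\explorer.exe[4484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002C0FAF
.text C:\WINDOWS\explorer.exe[4484] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [4C, 88]
.text C:\WINDOWS\System32\svchost.exe[5132] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 01B8000A
"""

LINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>\S+)!(?P<func>\S+(?: \+ \d+)?) "
    r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes "
    r"(?:JMP (?P<target>[0-9A-F]{8})(?: (?P<backing>\S.*?) \((?P<desc>[^)]*)\))?"
    r"|\[(?P<bytes>[^\]]*)\])$"
)

def parse_line(line):
    """Parse one '.text' hook line into a dict; None for any other line."""
    m = LINE_RE.match(line.strip())
    return dict(m.groupdict(), pid=int(m.group("pid"))) if m else None

def classify(rec):
    """Heuristic triage bucket (an assumption of this example, not a GMER verdict)."""
    if rec["bytes"] is not None:
        return "patch-bytes"    # 2nd half of a 5-byte JMP that GMER reports on its own line
    if rec["backing"]:
        return "module-backed"  # JMP lands inside a DLL GMER could name; check its vendor
    return "unbacked"           # JMP lands in memory GMER could map to no module on disk

def triage(log_text):
    """Bucket every hook and group unbacked targets by process and 64 KiB region,
    so one injected code blob that hooks many APIs shows up as one entry."""
    summary = {"module-backed": [], "unbacked": [], "patch-bytes": []}
    regions = defaultdict(list)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        cat = classify(rec)
        summary[cat].append(rec)
        if cat == "unbacked":
            region = int(rec["target"], 16) & 0xFFFF0000
            key = (rec["proc"], rec["pid"], f"{region:08X}")
            regions[key].append(f"{rec['module']}!{rec['func']}")
    return {"summary": summary, "regions": dict(regions)}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (proc, pid, region), hooks in sorted(result["regions"].items()):
        print(f"{proc}[{pid}] unbacked region {region}: {', '.join(hooks)}")
```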



#2 SweetTech

    Agent ST

Posted 12 May 2011 - 04:04 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

    Agent ST

Posted 15 May 2011 - 09:35 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
