
Windows recovery, MS removal tool and google redirect


  • This topic is locked
3 replies to this topic

#1 biggdaddy


  • Members
  • 1 posts

Posted 16 May 2011 - 04:03 PM

It started last night with Windows XP Recovery. I was not able to access the internet, so I went to this computer and downloaded rkill and MalWareBytes. I ran rkill and MalWareBytes. MalWareBytes was stopped in mid scan, so I ran them both again but in safe mode. I had the following show up when I ran Rkill: on the black screen after “Please be patience” was “Access Denied”, but it had seemed to stop everything. I ran MBAM and it had 4 or 5 infections that I removed. I rebooted the computer and I started seeing MS Removal Tool. It was late and I was tired and missed seeing the part about running TDSSKILLER. I looked it up on Bleeping Computer and ran Rkill and MalWareBytes again, with the Access Denied msg on Rkill again. MBAM found viruses again and removed them. I tried to do a Google search to fix the Windows HOSTS file but was unable to go anywhere because it kept redirecting me. Stopped for the night. Woke up and saw I had missed the TDSSKILLER, so I redid everything and ran it. The TDSSKILLER found one item and cured it. I looked up Google redirect and followed the steps on that. Now it seems I got rid of everything but the Google redirect. Can you help me? This is my son’s computer and he needs it to finish up the school year.
DDS Log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Parent at 14:18:17.43 on Mon 05/16/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.113 [GMT -6:00]
.
AV: My Security Engine *Enabled/Updated* {6FDA9831-3BC4-4DF7-A6AC-18659B6F2A9C}
AV: Total Protection Service *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
FW: My Security Engine *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
E:\INFECTION\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.k12.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\agent\myAgtTry.Exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "e:\malwarebytes' anti-malware\zry.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "e:\infection\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179847293578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.5.1.191.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
.
============= SERVICES / DRIVERS ===============
.
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2007-5-30 140864]
R3 McShield;McShield;c:\program files\mcafee\managed virusscan\vscan\McShield.exe [2007-5-30 144960]
R3 MfeAVFK;McAfee Inc.;c:\windows\system32\drivers\MfeAVFK.sys [2007-5-22 72296]
R3 MfeBOPK;McAfee Inc.;c:\windows\system32\drivers\MfeBOPK.sys [2007-5-22 34184]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-5-22 170408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\parent\locals~1\temp\bdmusicb.sys --> c:\docume~1\parent\locals~1\temp\bDMusicb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
.
=============== Created Last 30 ================
.
2011-05-16 19:05:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 04:11:37 0 ---ha-w- c:\windows\Iqumiv.bin
2011-05-16 04:11:29 -------- d-----w- c:\docume~1\parent\locals~1\applic~1\{2F9693B8-CA9B-41F1-85B1-C2C0F10FE058}
2011-05-16 04:10:08 -------- d--h--w- c:\docume~1\alluse~1\applic~1\oK06509FbPoM06509
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-23 02:42:56 398760 ---ha-r- c:\windows\system32\cpnprt2.cid
2011-02-22 23:06:29 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 14:19:09.29 ===============

GMER Log
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-16 14:54:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800AAJS-60WAA0 rev.58.01D58
Running: gmer.exe; Driver: C:\DOCUME~1\Parent\LOCALS~1\Temp\pfdcakob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE7094FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE709525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE70954F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE70950F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE7094E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE709565]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE709539]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP EE70953D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E38C 5 Bytes JMP EE7094FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP EE709553 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP EE709569 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADB5C 7 Bytes JMP EE709513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C7582 5 Bytes JMP EE709529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP EE7094EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? klmdb.sys The system cannot find the file specified. !
? kpbblvuv.sys The system cannot find the file specified. !
? tsk4.tmp The system cannot find the file specified. !
? C:\DOCUME~1\Parent\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA006E
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F79
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA005D
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0040
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA002F
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00A9
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F57
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00D5
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F3C
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0F21
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0F9E
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F68
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00BA
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F61
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930014
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F72
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F8D
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FA8
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA8
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB9
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092001D
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00900036
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0089
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0078
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F94
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F79
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00B5
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F54
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00F7
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F43
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A003D
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00A4
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FD1
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0022
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00DC
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FA8
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029002F
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F7C
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F97
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029001E
.text C:\WINDOWS\explorer.exe[576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0053
.text C:\WINDOWS\explorer.exe[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0042
.text C:\WINDOWS\explorer.exe[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\explorer.exe[576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\explorer.exe[576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\explorer.exe[576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\explorer.exe[576] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\explorer.exe[576] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C000A
.text C:\WINDOWS\explorer.exe[576] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C001B
.text C:\WINDOWS\explorer.exe[576] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 002C0036
.text C:\WINDOWS\explorer.exe[576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013E000A
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0093008E
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930073
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00930058
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00930FA5
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930FC0
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00930F6D
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009300B5
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00930F41
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00930F5C
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00930F30
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930047
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00930011
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930F7E
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00930022
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00930FD1
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009300D0
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920FC3
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920F94
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920014
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00920FDE
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920051
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00920036
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\services.exe[764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910FA3
.text C:\WINDOWS\system32\services.exe[764] msvcrt.dll!system 77C293C7 5 Bytes JMP 0091002E
.text C:\WINDOWS\system32\services.exe[764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0091001D
.text C:\WINDOWS\system32\services.exe[764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\services.exe[764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910FC8
.text C:\WINDOWS\system32\services.exe[764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FE3
.text C:\WINDOWS\system32\services.exe[764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0084
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0073
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0062
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0FA5
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0FC0
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC0F74
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC00B0
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC0106
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0F63
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EC0F52
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EC0047
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EC0095
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EC0025
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EC00D7
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EB0047
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EB0FA5
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EB0062
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EB0FC0
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0B, 89]
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EB0FD1
.text C:\WINDOWS\system32\lsass.exe[776] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0053
.text C:\WINDOWS\system32\lsass.exe[776] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA0038
.text C:\WINDOWS\system32\lsass.exe[776] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA000C
.text C:\WINDOWS\system32\lsass.exe[776] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA0FE3
.text C:\WINDOWS\system32\lsass.exe[776] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA001D
.text C:\WINDOWS\system32\lsass.exe[776] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA0FD2
.text C:\WINDOWS\system32\lsass.exe[776] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE0F44
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE0F5F
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE0F70
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE0F8D
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE002F
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE006F
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE005E
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE008A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE0EF1
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EE0EE0
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EE0FA8
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EE0FDE
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EE0F33
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EE0FC3
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EE0014
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EE0F16
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00ED001B
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00ED005B
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00ED0FCA
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00ED0036
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00ED0FAF
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EC004C
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC0FC1
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC001D
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EC0FD2
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EC0FE3
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40F79
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40F94
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B4006E
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40FAF
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40051
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B400A9
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40F57
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B40F2B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B400C4
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B40F10
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B40F68
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B40FDB
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B4002C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B40F46
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B30036
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B30F83
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B30FE5
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B30F94
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B30FA5
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D3, 88]
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B30FC0
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20F9C
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20FB7
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B2000C
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20027
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FDE
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B10000
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026A0FEF
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026A0F66
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026A0F77
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026A005B
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026A004A
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026A0FB9
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026A0F3F
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026A0087
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026A00BD
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026A0F24
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026A00CE
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026A0FA8
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026A0014
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026A0076
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026A0025
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026A0FD4
.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026A00A2
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 3 Bytes JMP 02690022
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW + 4 77DD6AB3 1 Byte [8A]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD776C 3 Bytes JMP 02690F9B
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW + 4 77DD7770 1 Byte [8A]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7852 3 Bytes JMP 02690011
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA + 4 77DD7856 1 Byte [8A]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7946 3 Bytes JMP 02690FE5
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW + 4 77DD794A 1 Byte [8A]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 3 Bytes JMP 02690FAC
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA + 4 77DDE9F8 1 Byte [8A]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 3 Bytes JMP 02690000
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA + 4 77DDEFCC 1 Byte [8A]
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0269004E
.text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02690033
.text C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02680064
.text C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 02680FD9
.text C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02680038
.text C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02680000
.text C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02680053
.text C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0268001D
.text C:\WINDOWS\System32\svchost.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 023B000A
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01660000
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0166001B
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01660FEF
.text C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01660040
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650087
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065006C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0065002F
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006500BF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F77
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500FF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F66
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650F4B
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650098
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650014
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500DA
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640022
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640FAC
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640069
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00640058
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0064003D
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FB2
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630047
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FD7
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900F4B
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900F5C
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00900F6D
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900F94
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FC0
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900071
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900F29
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900EF3
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900082
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009000B1
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900FAF
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F3A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900036
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900F04
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008F0025
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008F006C
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008F0FE5
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008F005B
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008F0040
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008F0FAF
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E003D
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E0FA8
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0022
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E0011
.text C:\WINDOWS\system32\svchost.exe[1264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0F6B
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F86
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0FA1
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C005E
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0028
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C00BD
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C00A2
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0F35
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0F50
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C00E9
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0039
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C007B
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FBC
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FCD
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00CE
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0040
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0076
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0025
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0FB9
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FCA
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0051
.text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0FC1
.text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0042
.text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A001D
.text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FD2
.text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0089
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F94
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C006E
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0051
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0FAF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C00BA
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F68
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C00F0
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00D5
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C0101
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0040
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FDB
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0F79
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FC0
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0011
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C0F57
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0022
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F8A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0011
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0047
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FA5
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FC0
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0042
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FB7
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FD2
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A001D
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A000C
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0099000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02CB0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02CB0F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02CB0080
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02CB0FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02CB006F
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02CB0054
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02CB00C2
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02CB0F70
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02CB0F44
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02CB00DD
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02CB00EE
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02CB0FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02CB0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02CB009B
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02CB002F
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02CB0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02CB0F55
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02CA0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02CA0F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02CA0025
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02CA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02CA0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02CA0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02CA0051
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02CA0040
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02C90049
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] msvcrt.dll!system 77C293C7 5 Bytes JMP 02C90FBE
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02C9001D
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02C9000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02C9002E
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02C90FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02C60000
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02C6001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02C60036
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 02C60047
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02C80000
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E60FEF
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E60088
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E6006D
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E60F89
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E60F9A
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E60FBC
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E60F40
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E60F5D
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E600CF
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E600BE
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E60F1B
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E60FAB
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E60FDE
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E60F6E
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E60028
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E60FCD
.text C:\Program Files\Messenger\msmsgs.exe[2900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E600AD
.text C:\Program Files\Messenger\msmsgs.exe[2900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0FB7
.text C:\Program Files\Messenger\msmsgs.exe[2900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0FC8
.text C:\Program Files\Messenger\msmsgs.exe[2900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0FE3
.text C:\Program Files\Messenger\msmsgs.exe[2900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0000
.text C:\Program Files\Messenger\msmsgs.exe[2900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0038
.text C:\Program Files\Messenger\msmsgs.exe[2900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA001D
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FDE
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0F86
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB002F
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0FEF
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB0FA1
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0000
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DB0FB2
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FB, 88]
.text C:\Program Files\Messenger\msmsgs.exe[2900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0FC3
.text C:\Program Files\Messenger\msmsgs.exe[2900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FE5
.text C:\Program Files\Messenger\msmsgs.exe[2900] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D80FEF
.text C:\Program Files\Messenger\msmsgs.exe[2900] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D80FDE
.text C:\Program Files\Messenger\msmsgs.exe[2900] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D80014
.text C:\Program Files\Messenger\msmsgs.exe[2900] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00D80039
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03BC0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03BC00AC
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03BC0FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03BC0091
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03BC0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03BC0065
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03BC0F90
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03BC00D8
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03BC0F49
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03BC0F64
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03BC00FD
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03BC0076
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03BC0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03BC00BD
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03BC004A
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03BC002F
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03BC0F75
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02770FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0277006C
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0277002C
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02770011
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02770FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02770000
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0277005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02770FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02760042
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] msvcrt.dll!system 77C293C7 5 Bytes JMP 02760031
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0276000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02760FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02760FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02760FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 025C0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 025C0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 025C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 025C0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02750000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tsk4.tmp
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:39 PM

Posted 20 May 2011 - 10:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 23 May 2011 - 07:53 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 26 May 2011 - 03:05 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.