unknown google redirect virus


  • This topic is locked
34 replies to this topic

#1 latenite

Posted 18 June 2011 - 04:23 AM

My computer is infected with a redirecting virus. After performing a google search in IE, Firefox, or Safari, when I click on a link, the result is redirected to one of several sites, such as scour.com, honoluluhomes, e-missingmoney, and others. At other times, the search result link is redirected back to the google search results.

Besides the redirection, system performance is slow, and more prone to Blue screens.

I have attempted to clean using McAfee, Malwarebytes Anti-Malware, and SuperAntispyware. My company's IT dept also tried combofix and others before giving up. All without success.

In following the instructions for this post, I attempted to run the GMER tool, but it hangs partway through the process. Attempted twice, but never got it to finish. Also, this is my second attempt to post to this forum. I believe my first attempt failed, and I apologize if it is duplicated.

Thank you for your help


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by dnelson at 23:54:04 on 2011-06-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.1953 [GMT -7:00]
.
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\DWRCS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\N-able Technologies\Windows Agent\bin\AgentMaint.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\N-able Technologies\Windows Agent\bin\agent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DWRCST.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110524094556.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [Spark] c:\program files\spark\Spark.exe
uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [PSQLLauncher] "c:\program files\protector suite\launcher.exe" /startup
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZocDoc Alerter] c:\program files\zocdoc\zocdoc alerter\launcher.bat
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
StartupFolder: c:\users\dnelson\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.desertridgefp.com/XTSAC.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.desertridgefp.com/MLWebCacheCleaner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://showeb004.shc.org/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{CC5A7571-56FB-43D0-A7C0-5C1D0F805875} : DhcpNameServer = 10.0.0.6 10.0.0.7
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338} : NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\35561607F696E6475602255637F6274702133303 : NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\35561607F696E6475602255637F6274702133303 : DhcpNameServer = 192.168.5.1 66.75.160.15 66.75.160.16
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\35561607F696E6475602255637F6274702232343 : NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\35561607F696E6475602255637F6274702232343 : DhcpNameServer = 192.168.5.1 66.75.160.15 66.75.160.16
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\445637562747259646765635359444 : NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\445637562747259646765635359444 : DhcpNameServer = 10.0.0.6 10.0.0.7
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\C696E6B6379737 : NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\program files\protector suite\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GO36F4~1.DLL
LSA: Notification Packages = scecli c:\program files\protector suite\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dnelson\appdata\roaming\mozilla\firefox\profiles\q7ufepmx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=mpues&hl=en
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - component: c:\users\dnelson\appdata\roaming\mozilla\firefox\profiles\q7ufepmx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\dnelson\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\dnelson\appdata\roaming\mozilla\firefox\profiles\q7ufepmx.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\dnelson\appdata\roaming\mozilla\firefox\profiles\q7ufepmx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: q:\140062.enu\office14\NPAUTHZ.DLL
FF - plugin: q:\140062.enu\office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-30 436728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-19 162928]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-2-12 119608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-24 159320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-24 145936]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-5-24 291064]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.2\reporting services\reportserver\bin\ReportingServicesService.exe [2008-12-18 13656]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-12 98304]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-5-24 291064]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-1-20 103712]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-1-20 353568]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-1-20 62752]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2010-4-6 189760]
R2 TvWksSvc;Vertical Wave Workstation Service;c:\program files\common files\vertical\wave\TvWksSvc.exe [2011-4-12 130560]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2009-1-20 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-12 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R2 Windows Agent Maintenance Service;Windows Agent Maintenance Service;c:\program files\n-able technologies\windows agent\bin\AgentMaint.exe [2011-2-14 28672]
R2 Windows Agent Service;Windows Agent Service;c:\program files\n-able technologies\windows agent\bin\agent.exe [2011-2-14 192512]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-1-20 17408]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-11 29736]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\drivers\jmcr_cfs.sys [2008-7-1 52752]
R3 MfeAVFK;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-30 171296]
R3 MfeBOPK;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-30 58456]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-25 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-8-29 66080]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-12 9344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-1-20 337184]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-3-3 86552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-12 30192]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 MDGSPIRO;Midmark Spirometer USB Driver (mdgspr.sys);c:\windows\system32\drivers\mdgspr.sys [2010-12-20 11776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 85152]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-1-30 34248]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-8-29 4231680]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-8-29 122880]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\solarwinds\tftpserver\SolarWinds TFTP Server.exe [2007-11-1 61440]
S3 SPIROLDR;Midmark Spirometer USB Loader(mdgspldr.sys);c:\windows\system32\drivers\mdgspldr.sys [2010-12-20 11648]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-24 52224]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-1-20 83232]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-8-29 722288]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-31 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2011-06-17 17:40:18 72080 ----a-w- c:\users\dnelson\g2mdlhlpx.exe
2011-06-16 12:59:02 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 12:59:00 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 12:58:59 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 10:02:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 10:02:38 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-16 10:02:37 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 20:55:38 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 20:55:38 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 20:55:37 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 20:55:33 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 20:55:32 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 20:55:30 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 20:55:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 20:26:10 388608 ----a-w- C:\hijackthis.exe
2011-06-15 20:03:43 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-15 19:25:55 98816 ----a-w- c:\windows\sed.exe
2011-06-15 19:25:55 518144 ----a-w- c:\windows\SWREG.exe
2011-06-15 19:25:55 256512 ----a-w- c:\windows\PEV.exe
2011-06-15 19:25:55 208896 ----a-w- c:\windows\MBR.exe
2011-06-15 16:23:09 -------- d--h--w- c:\windows\system32\dwrcssft
2011-06-15 14:44:59 -------- d-----w- c:\windows\ehome
2011-06-15 06:36:01 -------- d-----w- c:\programdata\MFAData
2011-06-15 06:17:35 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-15 06:16:53 -------- d-----w- c:\programdata\Hitman Pro
2011-06-14 09:12:58 -------- d-----w- c:\windows\RS9_KB960089_ENU
2011-06-07 22:55:14 -------- d-----w- c:\programdata\GroupPolicy
2011-06-07 22:41:09 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 22:41:08 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-07 22:41:05 2616320 ----a-w- c:\windows\explorer.exe
2011-06-07 22:41:01 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-07 22:41:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-07 22:40:57 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 22:40:55 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 21:52:53 -------- d-----w- c:\users\dnelson\appdata\local\Alerter
2011-06-07 21:52:25 -------- d-----w- c:\program files\ZocDoc
2011-06-05 22:15:02 -------- d-----w- c:\users\dnelson\appdata\local\Bulents
2011-06-05 22:15:00 81920 ----a-w- c:\windows\system32\bsrgvas.dll
2011-06-05 22:15:00 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2011-06-05 22:15:00 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2011-06-05 22:14:57 585728 ----a-w- c:\windows\system32\bsratswf.dll
2011-06-05 22:14:57 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2011-06-05 22:14:55 -------- d-----w- c:\program files\BSR Screen Recorder 5
2011-06-05 21:59:51 -------- d-----w- c:\users\dnelson\appdata\local\assembly
2011-06-05 21:59:00 -------- d-----w- c:\users\dnelson\appdata\local\TechSmith
2011-05-24 16:45:57 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-05-24 16:45:57 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-05-24 16:45:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-05-24 16:45:56 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-05-24 16:45:43 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-24 16:45:41 -------- d-----w- c:\program files\common files\McAfee
2011-05-23 00:10:42 -------- d-----w- c:\users\dnelson\appdata\roaming\NextGen
.
==================== Find3M ====================
.
2011-06-12 18:40:00 216888 ----a-w- c:\windows\system32\atsckernel.exe
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 05:10:33 0 ----a-w- c:\windows\system32\sho3F5B.tmp
2011-04-25 06:26:17 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 18:01:36 65024 ----a-w- c:\windows\system32\Vertical.Wave.Api.VoiceFileConversion.dll
2011-04-13 17:54:52 890624 ----a-w- c:\windows\system32\actbar2.ocx
2011-04-13 17:54:52 431872 ----a-w- c:\windows\system32\ssinput1.ocx
2011-04-13 17:54:52 151552 ----a-w- c:\windows\system32\zip32.dll
2011-04-13 17:54:52 102400 ----a-w- c:\windows\system32\unzip32.dll
2011-04-13 03:25:38 535552 ----a-w- c:\windows\system32\TvClient.tsp
2011-04-13 03:10:58 335360 ----a-w- c:\windows\system32\Tvlib.dll
2011-04-13 03:09:06 169472 ----a-w- c:\windows\system32\TVW32.dll
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-03-05 12:12:36 458752 ----a-r- c:\program files\common files\HHActiveX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: FUJITSU_ rev.0000 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8301C000]<< >>UNKNOWN [0x8BDD3000]<< >>UNKNOWN [0x8BE18000]<< >>UNKNOWN [0x873631ED]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8305352F] -> \Device\Harddisk0\DR0[0x8732F580]
\Driver\Disk[0x8732EB08] -> IRP_MJ_CREATE -> 0x8BDD739F
3 [0x8BDD759E] -> ntkrnlpa!IofCallDriver[0x8305352F] -> \Device\Ide\IAAStorageDevice-1[0x86506028]
\Driver\iaStor[0x864F7558] -> IRP_MJ_CREATE -> 0x8B87579A
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:55:52.02 ===============



#2 RPMcMurphy

  • Malware Response Team

Posted 19 June 2011 - 08:41 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please download Rootkit Unhooker and save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please include the following in your next post:
  • Rootkit Unhooker log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 latenite

  • Topic Starter

Posted 19 June 2011 - 06:51 PM

I ran the Rootkit Unhooker, the log file is attached (was unable to post with the log in the body of message, said it was too long). Also, my screen has been flooded by "Win 7 Home Security 2012" alerts. These alerts are now preventing me from doing all sorts of things, such as browsing in IE, launching a screen capture program, etc. I have not done anything with Win 7 Home Security. In fact, I needed to transfer the log file to another computer using a thumb drive, is this dangerous to do? I can send in a photo of the alerts if you want. Waiting for your instructions.

Thank you


#4 RPMcMurphy

  • Malware Response Team

Posted 19 June 2011 - 08:34 PM

latenite:

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

  • You should disable any anti-malware software you have installed so it does not interfere with RKill running.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista or Windows 7, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Once the tool has run, do NOT reboot the machine, and then try to run ComboFix (instructions below).
  • If nothing happens or if the tool does not run, please try another one of the links
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log



#5 latenite

  • Topic Starter

Posted 20 June 2011 - 12:47 AM

I was unable to run RKill under my administrator mode. I restarted into SAFE mode and was able to run RKILL, which resulted in:
Processes terminated by Rkill or while it was running:

C:\Users\Administrator\AppData\Local\lkh.exe
C:\Users\Administrator\AppData\Local\lkh.exe
Then I successfully ran Combofix. After Combofix, I was able to use the internet again, and was able to complete a google search without the redirect. Things seem much better, but I will wait for your confirmation before assuming all is good. Combofix log is below, thank you:

ComboFix 11-06-17.04 - Administrator 06/19/2011 22:28:51.5.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3069.2588 [GMT -7:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\lkh.exe
c:\users\dnelson\g2mdlhlpx.exe
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\tvservice\AppData\Local\temp
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\McAfeeMVSUser.DansSony\AppData\Local\temp
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\isdmon\AppData\Local\temp
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\dnelson\AppData\Local\temp
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-20 05:39 . 2011-06-20 05:39 -------- d-----w- c:\users\dannelson\AppData\Local\temp
2011-06-16 12:59 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 12:59 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 12:58 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 10:02 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 10:02 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 10:02 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 20:55 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 20:55 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 20:55 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 20:55 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 20:55 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 20:55 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 20:55 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 20:26 . 2011-06-15 20:26 388608 ----a-w- C:\hijackthis.exe
2011-06-15 20:06 . 2011-06-20 05:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-15 16:23 . 2011-06-15 20:49 -------- d--h--w- c:\windows\system32\dwrcssft
2011-06-15 14:44 . 2011-06-15 14:44 -------- d-----w- c:\windows\ehome
2011-06-15 14:44 . 2011-06-15 14:44 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2011-06-15 14:44 . 2011-06-15 14:44 -------- d-----r- c:\users\Public\Recorded TV
2011-06-15 06:36 . 2011-06-15 06:41 -------- d-----w- c:\programdata\MFAData
2011-06-15 06:17 . 2011-06-15 06:17 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-15 06:16 . 2011-06-15 06:16 -------- d-----w- c:\programdata\Hitman Pro
2011-06-14 09:12 . 2011-06-14 09:13 -------- d-----w- c:\windows\RS9_KB960089_ENU
2011-06-07 22:55 . 2011-06-07 22:55 -------- d-----w- c:\programdata\GroupPolicy
2011-06-07 22:41 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 22:41 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-07 22:41 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-06-07 22:41 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-07 22:41 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-07 22:40 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 22:40 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 21:52 . 2011-06-07 21:52 -------- d-----w- c:\users\dnelson\AppData\Local\Alerter
2011-06-07 21:52 . 2011-06-07 21:52 -------- d-----w- c:\program files\ZocDoc
2011-06-05 22:15 . 2011-06-05 22:15 -------- d-----w- c:\users\dnelson\AppData\Local\Bulents
2011-06-05 22:15 . 2011-06-05 22:15 81920 ----a-w- c:\windows\system32\bsrgvas.dll
2011-06-05 22:15 . 2011-06-05 22:15 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2011-06-05 22:15 . 2011-06-05 22:15 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2011-06-05 22:14 . 2011-06-05 22:14 585728 ----a-w- c:\windows\system32\bsratswf.dll
2011-06-05 22:14 . 2011-06-05 22:14 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2011-06-05 22:14 . 2011-06-05 22:15 -------- d-----w- c:\program files\BSR Screen Recorder 5
2011-06-05 21:59 . 2011-06-05 21:59 -------- d-----w- c:\users\dnelson\AppData\Local\assembly
2011-06-05 21:59 . 2011-06-05 21:59 -------- d-----w- c:\programdata\TechSmith
2011-06-05 21:59 . 2011-06-05 21:59 -------- d-----w- c:\users\dnelson\AppData\Local\TechSmith
2011-06-05 21:59 . 2011-06-05 21:59 -------- d-----w- c:\program files\TechSmith
2011-05-24 16:45 . 2011-01-12 21:11 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-05-24 16:45 . 2011-01-12 21:11 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-05-24 16:45 . 2011-01-19 17:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-05-24 16:45 . 2011-01-12 21:13 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-05-24 16:45 . 2011-01-19 17:18 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-24 16:45 . 2011-05-24 16:45 -------- d-----w- c:\program files\Common Files\McAfee
2011-05-23 00:10 . 2011-05-23 00:10 -------- d-----w- c:\users\dnelson\AppData\Roaming\NextGen
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 16:25 . 2011-06-15 16:25 620972 ----a-w- C:\Autoruns.zip
2011-06-12 18:40 . 2009-02-12 18:21 216888 ----a-w- c:\windows\system32\atsckernel.exe
2011-05-29 16:11 . 2011-04-01 05:35 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 05:10 . 2011-05-17 05:10 0 ----a-w- c:\windows\system32\sho3F5B.tmp
2011-04-25 06:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-25 05:34 . 2011-04-25 05:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-25 05:34 . 2011-04-25 05:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-25 05:34 . 2011-04-25 05:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-25 05:34 . 2011-04-25 05:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-25 05:34 . 2011-04-25 05:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 05:34 . 2011-04-25 05:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-25 05:34 . 2011-04-25 05:34 367104 ----a-w- c:\windows\system32\html.iec
2011-04-25 05:34 . 2011-04-25 05:34 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-25 05:34 . 2011-04-25 05:34 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 05:34 . 2011-04-25 05:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-25 05:34 . 2011-04-25 05:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-25 05:34 . 2011-04-25 05:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-25 05:34 . 2011-04-25 05:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 05:34 . 2011-04-25 05:34 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-25 05:34 . 2011-04-25 05:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-25 05:34 . 2011-04-25 05:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-25 05:34 . 2011-04-25 05:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 05:34 . 2011-04-25 05:34 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-25 05:34 . 2011-04-25 05:34 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 18:01 . 2011-04-13 18:01 65024 ----a-w- c:\windows\system32\Vertical.Wave.Api.VoiceFileConversion.dll
2011-04-13 17:54 . 2011-04-13 17:54 890624 ----a-w- c:\windows\system32\actbar2.ocx
2011-04-13 17:54 . 2011-04-13 17:54 431872 ----a-w- c:\windows\system32\ssinput1.ocx
2011-04-13 17:54 . 2011-04-13 17:54 102400 ----a-w- c:\windows\system32\unzip32.dll
2011-04-13 03:25 . 2011-04-13 03:25 535552 ----a-w- c:\windows\system32\TvClient.tsp
2011-04-13 03:10 . 2011-04-13 03:10 335360 ----a-w- c:\windows\system32\Tvlib.dll
2011-04-13 03:09 . 2011-04-13 03:09 169472 ----a-w- c:\windows\system32\TVW32.dll
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-03-05 12:12 . 2009-03-05 12:12 458752 ----a-r- c:\program files\Common Files\HHActiveX.dll
2010-07-28 06:30 . 2009-02-12 17:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-19 19:59 . 2010-03-31 16:02 889856 ----a-w- c:\program files\mozilla firefox\components\pbgk1_9.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-15_19.44.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 10:05 . 2011-06-16 10:05 51024 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.6161_none_80ba6c811e9b4aff\vcomp90.dll
+ 2011-06-16 10:05 . 2011-06-16 10:05 59728 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90RUS.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 42832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90KOR.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 43344 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90JPN.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 61264 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ITA.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 62800 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90FRA.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 61776 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ESP.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 61776 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ESN.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 53584 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 63312 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 36688 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90CHT.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 35664 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90CHS.DLL
+ 2011-06-16 10:05 . 2011-06-16 10:05 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfcm90u.dll
+ 2011-06-16 10:05 . 2011-06-16 10:05 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfcm90.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80KOR.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80JPN.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ITA.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80FRA.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ESP.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80DEU.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80CHT.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80CHS.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80u.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.dll
+ 2011-06-16 12:59 . 2011-04-27 02:15 96768 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.21714_none_8d6bfe38012596f2\mrxsmb20.sys
+ 2011-06-16 12:59 . 2011-04-27 02:17 96768 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17605_none_8cee31a2e7fef48e\mrxsmb20.sys
+ 2011-06-16 12:59 . 2011-05-04 02:23 97280 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20959_none_8b5f62f4041b197d\mrxsmb20.sys
+ 2011-06-16 12:59 . 2011-05-04 02:43 96256 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16808_none_8b0ad57aead5d4a7\mrxsmb20.sys
+ 2009-07-13 23:42 . 2009-07-14 01:06 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.21719_none_7c473478cfe7d918\INETRES.dll
+ 2009-07-13 23:42 . 2009-07-14 01:06 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.17609_none_7bc86799b6c21d5d\INETRES.dll
+ 2009-07-13 23:42 . 2009-07-14 01:06 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7600.20958_none_7a349778d2e2c399\INETRES.dll
+ 2009-07-13 23:42 . 2009-07-14 01:06 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7600.16807_none_79e009ffb99d7ec3\INETRES.dll
+ 2011-06-16 10:02 . 2011-04-22 22:49 72704 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20530_none_612658ba76d1b8cd\mshtmled.dll
+ 2011-06-16 10:02 . 2011-04-22 23:26 72704 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16430_none_609cbbef5db41903\mshtmled.dll
+ 2010-08-29 13:22 . 2011-06-18 09:15 56784 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-09-27 21:54 . 2011-06-15 20:38 10148 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2010-09-27 21:54 . 2011-06-13 08:56 10148 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 04:55 . 2011-06-18 09:15 45788 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 10:02 . 2011-04-22 23:26 72704 c:\windows\System32\mshtmled.dll
- 2011-04-25 05:34 . 2011-04-25 05:34 72704 c:\windows\System32\mshtmled.dll
- 2010-08-30 17:00 . 2011-06-09 15:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2010-08-30 17:00 . 2011-06-15 20:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2010-08-29 07:38 . 2011-06-15 19:24 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-29 07:38 . 2011-06-18 09:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-30 17:00 . 2011-06-15 20:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2010-08-30 17:00 . 2011-06-09 15:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2010-08-29 07:38 . 2011-06-15 19:24 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-29 07:38 . 2011-06-18 09:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-30 17:00 . 2011-06-15 20:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2010-08-30 17:00 . 2011-06-09 15:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-06-18 09:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-06-15 19:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-30 04:34 . 2011-06-14 15:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-30 04:34 . 2011-06-15 22:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-24 23:27 . 2011-05-24 23:27 60928 c:\windows\Installer\239b28.msp
- 2011-05-09 16:25 . 2011-05-09 16:25 49152 c:\windows\Installer\{CD53B08A-5B75-40F9-9BE7-71E426F4D979}\NewShortcut2_72D526206FC74BD49FF1C24EDA619CDE.exe
+ 2011-05-09 16:25 . 2011-06-15 22:00 49152 c:\windows\Installer\{CD53B08A-5B75-40F9-9BE7-71E426F4D979}\NewShortcut2_72D526206FC74BD49FF1C24EDA619CDE.exe
+ 2011-05-09 16:25 . 2011-06-15 22:00 49152 c:\windows\Installer\{CD53B08A-5B75-40F9-9BE7-71E426F4D979}\NewShortcut1_AEC259FA526F4F7B90B081D6B0A12112.exe
- 2011-05-09 16:25 . 2011-05-09 16:25 49152 c:\windows\Installer\{CD53B08A-5B75-40F9-9BE7-71E426F4D979}\NewShortcut1_AEC259FA526F4F7B90B081D6B0A12112.exe
+ 2011-01-21 22:13 . 2011-06-16 10:04 34144 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-01-21 22:13 . 2011-06-10 06:28 34144 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-01-21 22:13 . 2011-06-10 06:28 42848 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-01-21 22:13 . 2011-06-16 10:04 42848 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\msouc.exe
- 2011-01-21 22:13 . 2011-06-10 06:28 19296 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-01-21 22:13 . 2011-06-16 10:04 19296 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-12-02 20:53 . 2011-06-10 06:27 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-02 20:53 . 2011-06-16 10:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-16 10:13 . 2011-06-16 10:13 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC35E.tmp\stdole.dll
- 2011-06-15 16:12 . 2011-06-15 16:12 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\8402312fb58398b71220d7cca7962ccf\stdole.ni.dll
+ 2011-06-16 10:21 . 2011-06-16 10:21 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\8402312fb58398b71220d7cca7962ccf\stdole.ni.dll
+ 2010-08-30 17:01 . 2011-06-17 05:19 6554 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299088162-2963470075-2583112387-1138_UserData.bin
+ 2011-06-20 05:22 . 2011-06-20 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-15 18:03 . 2011-06-15 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-20 05:22 . 2011-06-20 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-15 18:03 . 2011-06-15 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-16 10:05 . 2011-06-16 10:05 653136 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
+ 2011-06-16 10:05 . 2011-06-16 10:05 569680 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
+ 2011-06-16 10:05 . 2011-06-16 10:05 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
+ 2011-06-16 10:04 . 2011-06-16 10:04 159048 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 554832 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
+ 2011-06-15 20:55 . 2011-04-25 03:24 338944 c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
+ 2011-06-15 20:55 . 2011-04-25 02:18 338944 c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
+ 2011-06-15 20:55 . 2011-04-25 02:27 338944 c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
+ 2011-06-15 20:55 . 2011-04-25 02:35 338944 c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
+ 2011-06-15 20:55 . 2011-04-25 06:30 187776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\FWPKCLNT.SYS
+ 2011-04-25 06:05 . 2010-11-20 12:29 187776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\FWPKCLNT.SYS
+ 2011-06-15 20:55 . 2011-04-25 04:44 187264 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\FWPKCLNT.SYS
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\FWPKCLNT.SYS
+ 2011-06-15 20:55 . 2011-04-29 03:18 311808 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.21717_none_dc80a2e96dd8b5c7\srv2.sys
+ 2011-06-15 20:55 . 2011-04-29 02:46 310272 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17608_none_dc02d65454b21363\srv2.sys
+ 2011-06-15 20:55 . 2011-04-29 02:49 311808 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20956_none_da6e05e970d3a048\srv2.sys
+ 2011-06-15 20:55 . 2011-04-29 02:57 309760 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16806_none_da1a78ba578d74c9\srv2.sys
+ 2011-06-15 20:55 . 2011-04-29 03:19 311808 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_dc8b72d56dd099d6\srv.sys
+ 2011-06-15 20:55 . 2011-04-29 02:46 311808 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17608_none_dc0da64054a9f772\srv.sys
+ 2011-06-15 20:55 . 2011-04-29 02:49 311808 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_da78d5d570cb8457\srv.sys
+ 2011-06-15 20:55 . 2011-04-29 02:57 311296 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_da2548a6578558d8\srv.sys
+ 2011-06-15 20:55 . 2011-04-29 03:18 114688 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21717_none_066a37ae878418b8\srvnet.sys
+ 2011-06-15 20:55 . 2011-04-29 02:46 114688 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17608_none_05ec6b196e5d7654\srvnet.sys
+ 2011-06-15 20:55 . 2011-04-29 02:49 114688 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20956_none_04579aae8a7f0339\srvnet.sys
+ 2011-06-15 20:55 . 2011-04-29 02:57 114176 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16806_none_04040d7f7138d7ba\srvnet.sys
+ 2011-06-16 12:59 . 2011-04-27 02:15 123904 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_822275d1c87d251f\mrxsmb.sys
+ 2011-06-16 12:58 . 2011-04-27 02:17 123904 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_81a4a93caf5682bb\mrxsmb.sys
+ 2011-06-16 12:59 . 2011-05-04 02:23 123904 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20959_none_8015da8dcb72a7aa\mrxsmb.sys
+ 2011-06-16 12:59 . 2011-05-04 02:43 123392 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16808_none_7fc14d14b22d62d4\mrxsmb.sys
+ 2011-06-16 12:59 . 2011-04-27 02:15 223744 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.21714_none_8b359425c2ce6381\mrxsmb10.sys
+ 2011-06-16 12:59 . 2011-04-27 02:17 223744 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17605_none_8ab7c790a9a7c11d\mrxsmb10.sys
+ 2011-06-16 12:59 . 2011-05-04 02:24 223232 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20959_none_8928f8e1c5c3e60c\mrxsmb10.sys
+ 2011-06-16 12:59 . 2011-05-04 02:43 222720 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16808_none_88d46b68ac7ea136\mrxsmb10.sys
+ 2011-06-16 10:02 . 2011-04-22 22:50 716800 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.20530_none_9bdd57ea2a914ae6\jscript.dll
+ 2011-06-16 10:02 . 2011-04-22 23:26 716800 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16430_none_9b53bb1f1173ab1c\jscript.dll
+ 2011-06-15 20:55 . 2011-02-26 05:24 571904 c:\windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.21669_none_bf60231a72fdf665\oleaut32.dll
+ 2011-06-15 20:55 . 2011-02-25 05:34 571904 c:\windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17567_none_bed485bb59e223ed\oleaut32.dll
+ 2011-06-15 20:55 . 2010-12-18 05:30 571904 c:\windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.20861_none_bd71c3c475debfc1\oleaut32.dll
+ 2011-06-15 20:55 . 2010-12-18 05:31 571904 c:\windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16722_none_bd1466f35c9fc98a\oleaut32.dll
+ 2011-06-15 20:55 . 2011-05-03 05:36 741888 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.21719_none_7c473478cfe7d918\inetcomm.dll
+ 2011-06-15 20:55 . 2011-05-03 04:30 741376 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.17609_none_7bc86799b6c21d5d\inetcomm.dll
+ 2011-06-15 20:55 . 2011-05-03 04:33 740864 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7600.20958_none_7a349778d2e2c399\inetcomm.dll
+ 2011-06-15 20:55 . 2011-05-03 04:50 740864 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7600.16807_none_79e009ffb99d7ec3\inetcomm.dll
+ 2011-06-16 10:02 . 2011-04-22 22:47 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20530_none_7d9fdbf2e18bfd22\ieui.dll
+ 2011-06-16 10:02 . 2011-04-22 23:24 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16430_none_7d163f27c86e5d58\ieui.dll
+ 2011-06-16 10:02 . 2011-04-25 15:29 141104 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.20530_none_60a119acbff1241c\sqmapi.dll
+ 2011-06-16 10:02 . 2011-04-25 15:29 141104 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16430_none_60177ce1a6d38452\sqmapi.dll
+ 2010-08-30 04:10 . 2011-06-19 18:03 336864 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:05 . 2011-06-20 05:27 752038 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-06-20 05:27 153338 c:\windows\System32\perfc009.dat
+ 2011-06-16 10:02 . 2011-04-22 23:26 716800 c:\windows\System32\jscript.dll
- 2011-04-25 05:34 . 2011-04-25 05:34 716800 c:\windows\System32\jscript.dll
- 2011-04-25 05:34 . 2011-04-25 05:34 176640 c:\windows\System32\ieui.dll
+ 2011-06-16 10:02 . 2011-04-22 23:24 176640 c:\windows\System32\ieui.dll
- 2010-01-23 20:36 . 2011-06-14 15:41 124496 c:\windows\System32\GDIPFONTCACHEV1.DAT
+ 2010-01-23 20:36 . 2011-06-18 05:45 124496 c:\windows\System32\GDIPFONTCACHEV1.DAT
- 2009-07-14 04:34 . 2011-06-15 16:05 108696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:34 . 2011-06-16 23:17 108696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:47 . 2011-06-20 05:21 422952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-06-15 18:02 422952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-19 11:54 . 2011-04-19 11:54 227328 c:\windows\Installer\239b07.msi
- 2011-01-21 22:13 . 2011-06-10 06:28 571232 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\misc.exe
+ 2011-01-21 22:13 . 2011-06-16 10:04 571232 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\misc.exe
+ 2011-01-21 22:13 . 2011-06-16 10:04 326496 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\joticon.exe
- 2011-01-21 22:13 . 2011-06-10 06:28 326496 c:\windows\Installer\{91140000-00A1-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-20 18:16 . 2011-06-10 10:11 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
- 2011-06-10 06:12 . 2011-06-10 06:12 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-06-16 10:05 . 2011-06-16 10:05 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-06-16 10:05 . 2011-06-16 10:05 3781960 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
+ 2011-06-16 10:05 . 2011-06-16 10:05 3766600 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 1093120 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll
+ 2011-06-16 10:01 . 2011-06-16 10:01 1101824 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
+ 2011-06-15 20:55 . 2011-04-25 06:31 1301376 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
+ 2011-06-15 20:55 . 2011-04-25 04:31 1290624 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
+ 2011-06-15 20:55 . 2011-04-25 04:44 1298816 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
+ 2011-06-15 20:55 . 2011-04-25 04:56 1286016 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
+ 2011-06-16 10:02 . 2011-04-22 22:59 1797632 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.20530_none_9bdd57ea2a914ae6\jscript9.dll
+ 2011-06-16 10:02 . 2011-04-22 23:35 1797632 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16430_none_9b53bb1f1173ab1c\jscript9.dll
+ 2011-06-16 10:02 . 2011-04-22 22:54 9703936 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20530_none_7d9fdbf2e18bfd22\ieframe.dll
+ 2011-06-16 10:02 . 2011-04-22 23:32 9703936 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16430_none_7d163f27c86e5d58\ieframe.dll
+ 2011-06-16 10:02 . 2011-04-22 22:49 1785344 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.20530_none_60a119acbff1241c\iertutil.dll
+ 2011-06-16 10:02 . 2011-04-22 23:26 1785344 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16430_none_60177ce1a6d38452\iertutil.dll
+ 2011-06-16 10:02 . 2011-04-22 22:53 1102336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.20530_none_cde0872f0a36df2c\urlmon.dll
+ 2011-06-16 10:02 . 2011-04-22 23:30 1102336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.16430_none_cd56ea63f1193f62\urlmon.dll
- 2011-04-25 05:34 . 2011-04-25 05:34 1102336 c:\windows\System32\urlmon.dll
+ 2011-06-16 10:02 . 2011-04-22 23:30 1102336 c:\windows\System32\urlmon.dll
- 2009-07-14 02:03 . 2011-06-15 14:45 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2011-06-16 10:13 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2011-06-16 10:02 . 2011-04-22 23:26 1785344 c:\windows\System32\iertutil.dll
- 2011-04-25 05:34 . 2011-04-25 05:34 1785344 c:\windows\System32\iertutil.dll
+ 2011-06-16 10:02 . 2011-04-22 23:32 9703936 c:\windows\System32\ieframe.dll
- 2009-07-14 04:34 . 2011-06-15 15:53 7395951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2011-06-16 15:54 7395951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-28 02:53 . 2011-06-20 05:21 8647224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-15 20:38 . 2011-06-20 05:21 2215126 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299088162-2963470075-2583112387-500-12288.dat
+ 2011-04-25 05:35 . 2011-06-18 09:11 3183948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299088162-2963470075-2583112387-1138-12288.dat
+ 2011-04-26 08:01 . 2011-06-16 15:18 1215908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1894029365-1084594510-218249250-1012-12288.dat
+ 2011-04-29 19:31 . 2011-04-29 19:31 9006080 c:\windows\Installer\239b98.msp
+ 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\239b1a.msp
+ 2011-03-18 02:20 . 2011-03-18 02:20 1961984 c:\windows\Installer\239afe.msp
+ 2011-05-18 01:28 . 2011-05-18 01:28 6862848 c:\windows\Installer\239ae3.msp
+ 2011-04-29 19:33 . 2011-04-29 19:33 8173568 c:\windows\Installer\239ad9.msp
+ 2011-04-16 15:44 . 2011-04-16 15:44 2770944 c:\windows\Installer\239ac6.msi
- 2009-01-20 18:16 . 2011-06-10 10:11 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-20 18:16 . 2011-06-16 10:11 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-06-16 10:02 . 2011-04-22 22:59 12269056 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20530_none_2c4081ef55966ef5\mshtml.dll
+ 2011-06-16 10:02 . 2011-04-22 23:36 12269056 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16430_none_2bb6e5243c78cf2b\mshtml.dll
+ 2011-06-10 06:12 . 2011-06-16 12:58 17571797 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
+ 2011-06-16 10:02 . 2011-04-22 23:36 12269056 c:\windows\System32\mshtml.dll
+ 2010-09-01 05:36 . 2011-06-16 10:06 47716296 c:\windows\System32\MRT.exe
+ 2011-03-04 20:28 . 2011-03-04 20:28 23081472 c:\windows\Installer\239b85.msp
+ 2011-06-16 10:03 . 2011-06-16 10:03 20333056 c:\windows\Installer\239af0.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-06-13 06:21 5062408 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-06-13 06:21 5062408 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-11 6244896]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-04-13 476480]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-06-13 55048]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-05 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-05 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ZocDoc Alerter"="c:\program files\ZocDoc\ZocDoc Alerter\launcher.bat" [2011-06-07 61]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointUpgrade.lnk - c:\users\Administrator\AppData\Local\Temp\Logitech\SetPointSI_1\Setup.exe [N/A]
.
c:\users\dnelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-06-13 06:03 100616 ----a-w- c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\Drivers\RCFOX.sys [2008-03-19 86552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-02-07 119608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-12-18 13656]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-11 98304]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [2011-04-13 189760]
R2 TvWksSvc;Vertical Wave Workstation Service;c:\program files\Common Files\Vertical\Wave\TvWksSvc.exe [2011-04-13 130560]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-03-25 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-07 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R2 Windows Agent Maintenance Service;Windows Agent Maintenance Service;c:\program files\N-able Technologies\Windows Agent\bin\AgentMaint.exe [2011-02-15 28672]
R2 Windows Agent Service;Windows Agent Service;c:\program files\N-able Technologies\Windows Agent\bin\agent.exe [2011-02-15 192512]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-31 17408]
R3 BlackBox;BlackBox SR2; [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 DAmirr;DAmirr;c:\windows\system32\DRIVERS\DAmirr.sys [x]
R3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\DRIVERS\jmcr_cfs.sys [2008-07-02 52752]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 33792]
R3 MDGSPIRO;Midmark Spirometer USB Driver (mdgspr.sys);c:\windows\system32\Drivers\mdgspr.sys [2006-06-20 11776]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-01-19 85152]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-09 4231680]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-09-01 66080]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 122880]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
R3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2007-11-01 61440]
R3 SPIROLDR;Midmark Spirometer USB Loader(mdgspldr.sys);c:\windows\system32\Drivers\mdgspldr.sys [2006-06-20 11648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 722288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-01-19 162928]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-01-19 145936]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299088162-2963470075-2583112387-1138Core.job
- c:\users\dnelson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 05:12]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299088162-2963470075-2583112387-1138UA.job
- c:\users\dnelson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 05:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}: NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\35561607F696E6475602255637F6274702133303: NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\35561607F696E6475602255637F6274702232343: NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\445637562747259646765635359444: NameServer = 10.0.0.2,68.2.16.30
TCP: Interfaces\{FE16D4BB-4E5B-4598-AC93-96F28F580338}\C696E6B6379737: NameServer = 10.0.0.2,68.2.16.30
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.desertridgefp.com/MLWebCacheCleaner.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://showeb004.shc.org/ami/install/amiviewer.cab
FF - ProfilePath - c:\users\dnelson\AppData\Roaming\Mozilla\Firefox\Profiles\q7ufepmx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=mpues&hl=en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3299088162-2963470075-2583112387-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3299088162-2963470075-2583112387-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:8c,7e,00,cc,9b,2b,cc,01
.
[HKEY_USERS\S-1-5-21-3299088162-2963470075-2583112387-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,6d,e8,d4,39,b6,60,43,8d,4c,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,6d,e8,d4,39,b6,60,43,8d,4c,da,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\program files\Protector Suite\psqlpwd.dll
c:\program files\Protector Suite\homefus2.dll
c:\program files\Protector Suite\infql2.dll
.
Completion time: 2011-06-19 22:42:01
ComboFix-quarantined-files.txt 2011-06-20 05:42
ComboFix2.txt 2011-06-15 20:05
ComboFix3.txt 2011-06-15 15:24
.
Pre-Run: 114,870,890,496 bytes free
Post-Run: 115,008,376,832 bytes free
.
- - End Of File - - CDFA485DAC6EB07F4E169828A2BEA295

#6 latenite

Posted 20 June 2011 - 01:55 AM

I tried another search on Google, and was redirected to Scour.com. So I am still being redirected, but no other problems from Win 7 Home Security. I am still running in SAFE mode.

Thank you

#7 RPMcMurphy

  • Malware Response Team

Posted 20 June 2011 - 08:57 AM

latenite:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#8 latenite

Posted 20 June 2011 - 09:38 AM

I tried to run TDSSKiller but was unable. I tried in both Safe mode and regular, and then renamed the application and extension, without success.

I double-clicked, then a confirmation window asked if I wanted to run this file. I confirmed, and then nothing happened. It appears in the Task Manager Processes list for 10 seconds or so, then disappears.

#9 RPMcMurphy

Posted 20 June 2011 - 10:35 AM

Try this:

Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log


#10 latenite

Posted 20 June 2011 - 10:55 AM

I was able to run aswMBR. It asked if I wanted to get the latest definitions from Avast, and I declined. The log is below:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-20 08:53:24
-----------------------------
08:53:24.311 OS Version: Windows 6.1.7601 Service Pack 1
08:53:24.311 Number of processors: 2 586 0x1706
08:53:24.311 ComputerName: DANSSONY UserName:
08:53:39.240 Initialize success
08:54:19.426 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:54:19.441 Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3
08:54:19.441 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000087
08:54:19.441 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
08:54:19.441 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000088
08:54:19.441 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
08:54:19.473 Disk 0 MBR read successfully
08:54:19.473 Disk 0 MBR scan
08:54:19.488 Disk 0 Windows 7 default MBR code
08:54:19.504 Disk 0 scanning sectors +625140400
08:54:19.535 Disk 0 scanning C:\Windows\system32\drivers
08:54:25.759 Service scanning
08:54:26.711 Disk 0 trace - called modules:
08:54:26.711 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8656e1ed]<<
08:54:26.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86503400]
08:54:26.742 3 CLASSPNP.SYS[8afd559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856cf028]
08:54:26.742 \Driver\iaStor[0x856c2c08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8656e1ed
08:54:26.758 Scan finished successfully
08:54:40.907 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
08:54:41.001 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
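
The aswMBR log above reports default MBR code for Disk 0 but marks one module in the disk I/O trace as UNKNOWN. As an added example (not part of the original post and not AVAST's code), this Python triage pulls the called-modules chain out of such a log and flags every driver dispatch entry that points at an address aswMBR could not attribute to a module. The sample lines are copied from the log above; the regular expressions are assumptions about the log format based only on those lines.

```python
import re

# Lines copied from the aswMBR log in the post above.
SAMPLE_LOG = r"""
08:54:19.473 Disk 0 MBR read successfully
08:54:19.488 Disk 0 Windows 7 default MBR code
08:54:26.711 Disk 0 trace - called modules:
08:54:26.711 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8656e1ed]<<
08:54:26.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86503400]
08:54:26.742 3 CLASSPNP.SYS[8afd559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856cf028]
08:54:26.742 \Driver\iaStor[0x856c2c08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8656e1ed
08:54:26.758 Scan finished successfully
"""

# Assumed line shapes, inferred from the sample only.
TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[(0x[0-9a-fA-F]+)\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)$"
)
MBR = re.compile(r"^Disk (\d+) (.+) MBR code$")


def triage_aswmbr(log_text):
    """Return the MBR verdicts, the disk-stack module chain and any findings."""
    lines = [TS.sub("", ln).strip() for ln in log_text.splitlines() if ln.strip()]
    report = {"mbr_code": {}, "modules": [], "unknown": [],
              "handlers": [], "findings": []}

    for i, line in enumerate(lines):
        m = MBR.match(line)
        if m:
            # e.g. "Disk 0 Windows 7 default MBR code"
            report["mbr_code"][int(m.group(1))] = m.group(2)
            continue
        if line.endswith("trace - called modules:") and i + 1 < len(lines):
            # The line after the header lists the modules seen on the disk I/O path.
            chain = lines[i + 1]
            report["unknown"] = [int(a, 16) for a in UNKNOWN.findall(chain)]
            report["modules"] = UNKNOWN.sub("UNKNOWN", chain).split()
            continue
        m = HANDLER.match(line)
        if m:
            # (driver object, IRP major function, handler address)
            report["handlers"].append((m.group(1), m.group(3), int(m.group(4), 16)))

    unknown = set(report["unknown"])
    for addr in report["unknown"]:
        report["findings"].append(
            f"disk trace includes code at {addr:#010x} not attributed to any module")
    for driver, irp, target in report["handlers"]:
        if target in unknown:
            report["findings"].append(
                f"{driver} {irp} handler points at unattributed address {target:#010x}")
    return report


if __name__ == "__main__":
    result = triage_aswmbr(SAMPLE_LOG)
    print("MBR code:", result["mbr_code"])
    print("Module chain:", " -> ".join(result["modules"]))
    for finding in result["findings"]:
        print("FLAG:", finding)
```

The MBR verdict and the trace are reported separately, so a "default MBR code" line does not by itself clear the entries flagged in the trace.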

#11 RPMcMurphy

Posted 20 June 2011 - 09:26 PM

latenite:

I'd like you to try running GMER again - here are some different instructions though:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log


#12 latenite

Posted 20 June 2011 - 10:19 PM

I logged on in normal mode (not Safe mode). On my first attempt to run GMER, it hung part way through. I tried again and this time it was successful. The log is below. Thank you again for all of your help.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-20 20:15:43
Windows 6.1.7601 Service Pack 1
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fwriapoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B98D098]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B98D0C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B98D0AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B98D084]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 830795C5 5 Bytes JMP 8B98D088 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13C1 8308B339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!NtMapViewOfSection 83294398 7 Bytes JMP 8B98D09C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 832A89C3 5 Bytes JMP 8B98D0C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 832B2642 5 Bytes JMP 8B98D0B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x99033340, 0x3EE577, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[360] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[360] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 003D0FCD
.text C:\Windows\system32\svchost.exe[360] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 003D0FDE
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 003C0F5B
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 003C00B3
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 003C0F1E
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 003C0022
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 003C0F91
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 003C0069
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 003C0058
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 003C0FE5
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 003C0F03
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 003C0F4A
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 003C0FB6
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 003C003D
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 003C0F76
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 003C0011
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 003C0F2F
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 003C0084
.text C:\Windows\system32\svchost.exe[360] msvcrt.dll!_open 75B37E48 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[360] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 009B001B
.text C:\Windows\system32\svchost.exe[360] msvcrt.dll!system 75B6B16F 5 Bytes JMP 009B0F90
.text C:\Windows\system32\svchost.exe[360] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 009B0FC6
.text C:\Windows\system32\svchost.exe[360] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 009B0FAB
.text C:\Windows\system32\svchost.exe[360] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 003B000A
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 003B0FDE
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 003B0FC3
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 003B0065
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 003B0FEF
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 003B0FB2
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 003B004A
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 003B002F
.text C:\Windows\system32\svchost.exe[360] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 003E0000
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 005D0FE5
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 005D0FD4
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 005D000A
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 005C0F50
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 005C0F09
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 005C0F24
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 005C0FD4
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 005C0F8D
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 005C0065
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 005C0054
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 005C0FEF
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 005C0000
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 005C0EF8
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 005C0F35
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 005C0FC3
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 005C0FA8
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 005C0F6B
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 005C0025
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 005C0094
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 005C0F7C
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 005B0FEF
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 005B0FA8
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 005B004A
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 005B002F
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 005B0FDE
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 005B0F83
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 005B0FB9
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 005B000A
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] msvcrt.dll!_open 75B37E48 5 Bytes JMP 0073000C
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 0073005A
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00730049
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 0073001D
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 0073002E
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00730FE3
.text C:\Windows\system32\inetsrv\inetinfo.exe[564] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 00720FE5
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00B90000
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00B90FDB
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00B90011
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00AB0F51
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 00AB00D5
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 00AB00C4
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00AB0FCA
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00AB0F80
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00AB0058
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 00AB0047
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00AB0000
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00AB0FE5
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00AB0F2F
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00AB009F
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00AB0FAF
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00AB0036
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00AB0084
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00AB001B
.text C:\Windows\system32\services.exe[672] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00AB0F40
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00AB0073
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00C00000
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00C00FC8
.text C:\Windows\system32\services.exe[672] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00C00049
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 00C0002E
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00C00FD9
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00C0001D
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00C60000
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00C60FB9
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00C60F94
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00C60040
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00C6001B
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00C60051
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00C60FCA
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 00C60FE5
.text C:\Windows\system32\services.exe[672] wininet.dll!InternetOpenA 76F34E2B 5 Bytes JMP 00C50000
.text C:\Windows\system32\services.exe[672] wininet.dll!InternetOpenUrlA 76F3BFCE 5 Bytes JMP 00C50011
.text C:\Windows\system32\services.exe[672] wininet.dll!InternetOpenW 76F6C03E 5 Bytes JMP 00C50FDB
.text C:\Windows\system32\services.exe[672] wininet.dll!InternetOpenUrlW 76F9D722 5 Bytes JMP 00C50FCA
.text C:\Windows\system32\services.exe[672] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 00BA0000
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00040FEF
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00040FC0
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00040000
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00030EFF
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 00030043
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 00030EAE
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00030FB9
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00030F46
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00030F61
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 00030F7C
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00030FDE
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00030FEF
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00030E93
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00030EEE
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00030FA8
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00030F8D
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00030F1A
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 0003000A
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00030ED3
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00030F35
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00060000
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00060FAD
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00060FC8
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 0006001D
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00060038
.text C:\Windows\system32\lsass.exe[688] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00060FE3
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00E9000A
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00E9004A
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00E90079
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00E90FCD
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00E90FEF
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00E90FBC
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00E90FDE
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 00E90025
.text C:\Windows\system32\lsass.exe[688] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 00050FE5
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 0039002F
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00180058
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 0018009F
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 00180084
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00180FB2
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00180036
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00180F68
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 00180025
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00180FDE
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00180EEF
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00180069
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00180F8D
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00180014
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00180047
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00180FC3
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00180F0A
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00180F39
.text C:\Windows\system32\svchost.exe[828] msvcrt.dll!_open 75B37E48 5 Bytes JMP 003B0000
.text C:\Windows\system32\svchost.exe[828] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 003B0049
.text C:\Windows\system32\svchost.exe[828] msvcrt.dll!system 75B6B16F 5 Bytes JMP 003B0038
.text C:\Windows\system32\svchost.exe[828] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 003B001D
.text C:\Windows\system32\svchost.exe[828] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 003B0FC8
.text C:\Windows\system32\svchost.exe[828] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 003B0FE3
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00410FEF
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00410025
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00410F83
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00410F9E
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00410FDE
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 0041004A
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00410FB9
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 00410014
.text C:\Windows\system32\svchost.exe[828] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 003A0000
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00820FEF
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00820FCA
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00820000
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00810F43
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 008100AC
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 00810F17
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 0081006C
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 0081005B
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 0081004A
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 0081000A
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00810EF2
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00810087
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 0081002F
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00810F9E
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00810F5E
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00810FD4
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00810F28
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00810F79
.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00FE0FEF
.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00FE0025
.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00FE0FA4
.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 00FE0FB5
.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00FE000A
.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00FE0FC6
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 0103000A
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 01030FB9
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 01030F9E
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00300014
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00300F68
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00300040
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 0030002F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00300FD4
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00300F06
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00300F3C
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00300FA8
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00300F8D
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00300F4D
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00300FB9
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00300F2B
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 0030005B
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 0022006D
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!system 75B6B16F 5 Bytes JMP 0022005C
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 0022003A
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 0022004B
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00220029
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00270FD4
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00270FAF
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00270051
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00270F8A
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00270036
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00E40FEF
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00E40FCD
.text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00E40FDE
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00E300BA
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateProcessW 7728204D 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 00E30F51
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 00E300DC
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00E3001B
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00E30073
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00E30062
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 00E30F9B
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00E30FD4
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00E30FEF
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00E30F2C
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00E30F76
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00E3002C
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00E30047
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00E300A9
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00E3000A
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00E300CB
.text C:\Windows\system32\svchost.exe[3232] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00E30098
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!_open 75B37E48 5 Bytes JMP 0044000C
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!_wsystem 75B6B04F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00440053
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00440038
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 00440027
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00440FC8
.text C:\Windows\system32\svchost.exe[3232] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00440FE3
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00450FEF
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 0045001B
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00450F83
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00450F94
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00450FD4
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00450040
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00450FB9
.text C:\Windows\system32\svchost.exe[3232] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 0045000A
.text C:\Windows\system32\DllHost.exe[3272] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 01180FEF
.text C:\Windows\system32\DllHost.exe[3272] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 0118001B
.text C:\Windows\system32\DllHost.exe[3272] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 0118000A
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 01150F2E
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 01150097
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateProcessA 77282082 1 Byte [E9]
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 01150086
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 0115001E
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 01150F5A
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 01150F6B
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 01150F7C
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 01150FDE
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 01150FEF
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 01150EDD
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 01150F1D
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 01150FA8
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 01150F8D
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 01150057
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 01150FCD
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 01150F0C
.text C:\Windows\system32\DllHost.exe[3272] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 01150F49
.text C:\Windows\system32\DllHost.exe[3272] msvcrt.dll!_open 75B37E48 5 Bytes JMP 010F0FEF
.text C:\Windows\system32\DllHost.exe[3272] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 010F003D
.text C:\Windows\system32\DllHost.exe[3272] msvcrt.dll!system 75B6B16F 5 Bytes JMP 010F0FB2
.text C:\Windows\system32\DllHost.exe[3272] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 010F0011
.text C:\Windows\system32\DllHost.exe[3272] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 010F0022
.text C:\Windows\system32\DllHost.exe[3272] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 010F0000
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 01140FE5
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 01140FA1
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 01140043
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 01140032
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 01140FD4
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 01140F86
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 01140FB2
.text C:\Windows\system32\DllHost.exe[3272] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 01140FC3
.text C:\Windows\system32\DllHost.exe[4164] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 01160FE5
.text C:\Windows\system32\DllHost.exe[4164] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 01160FB9
.text C:\Windows\system32\DllHost.exe[4164] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 01160FD4
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 011500B3
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 01150F4A
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 011500DF
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 01150036
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 01150F94
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 01150062
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 01150051
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 01150011
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 01150000
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 01150F39
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 01150F6F
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 01150FCA
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 01150FAF
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 011500A2
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 01150FDB
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 011500C4
.text C:\Windows\system32\DllHost.exe[4164] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 01150091
.text C:\Windows\system32\DllHost.exe[4164] msvcrt.dll!_open 75B37E48 5 Bytes JMP 001C0000
.text C:\Windows\system32\DllHost.exe[4164] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 001C0FB7
.text C:\Windows\system32\DllHost.exe[4164] msvcrt.dll!system 75B6B16F 5 Bytes JMP 001C0FD2
.text C:\Windows\system32\DllHost.exe[4164] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 001C001D
.text C:\Windows\system32\DllHost.exe[4164] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 001C0042
.text C:\Windows\system32\DllHost.exe[4164] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 001C0FE3
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 01100000
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 01100FB9
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 01100F97
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 01100FA8
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 01100FE5
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 01100F7C
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 01100025
.text C:\Windows\system32\DllHost.exe[4164] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 01100FD4
.text C:\Windows\Explorer.EXE[5040] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[5040] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00040000
.text C:\Windows\Explorer.EXE[5040] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00040FCA
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00090F57
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 00090F0D
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 000900AC
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00090FD4
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 0009006C
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00090F94
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 00090FAF
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 0009000A
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00090FEF
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 000900C7
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00090091
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00090036
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00090047
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00090F68
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00090025
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00090F32
.text C:\Windows\Explorer.EXE[5040] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00090F79
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00120000
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00120FDB
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00120062
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00120FC0
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00120011
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00120FAF
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00120047
.text C:\Windows\Explorer.EXE[5040] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 0012002C
.text C:\Windows\Explorer.EXE[5040] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00130000
.text C:\Windows\Explorer.EXE[5040] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00130042
.text C:\Windows\Explorer.EXE[5040] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00130027
.text C:\Windows\Explorer.EXE[5040] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 00130FC8
.text C:\Windows\Explorer.EXE[5040] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00130FB7
.text C:\Windows\Explorer.EXE[5040] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00130FE3
.text C:\Windows\Explorer.EXE[5040] wininet.dll!InternetOpenA 76F34E2B 5 Bytes JMP 004F000A
.text C:\Windows\Explorer.EXE[5040] wininet.dll!InternetOpenUrlA 76F3BFCE 5 Bytes JMP 004F001B
.text C:\Windows\Explorer.EXE[5040] wininet.dll!InternetOpenW 76F6C03E 5 Bytes JMP 004F0FEF
.text C:\Windows\Explorer.EXE[5040] wininet.dll!InternetOpenUrlW 76F9D722 5 Bytes JMP 004F0FC0
.text C:\Windows\Explorer.EXE[5040] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 01C20FEF
.text C:\Windows\system32\svchost.exe[5420] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[5420] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[5420] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 00010F1E
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 0001007D
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00010F54
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00010F6F
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00010FDB
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00010EE8
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00010F0D
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00010F8A
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 00010F39
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[5420] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[5420] msvcrt.dll!_open 75B37E48 5 Bytes JMP 000E000C
.text C:\Windows\system32\svchost.exe[5420] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 000E004E
.text C:\Windows\system32\svchost.exe[5420] msvcrt.dll!system 75B6B16F 5 Bytes JMP 000E0FC3
.text C:\Windows\system32\svchost.exe[5420] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 000E0FDE
.text C:\Windows\system32\svchost.exe[5420] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 000E0033
.text C:\Windows\system32\svchost.exe[5420] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00130FB9
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00130F94
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00130036
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00130FE5
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 0013005B
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00130025
.text C:\Windows\system32\svchost.exe[5420] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 00130FD4
.text C:\Windows\system32\svchost.exe[5448] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[5448] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[5448] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 000100B6
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 00010F46
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 000100DB
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00010F8D
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00010F35
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 00010F7C
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 0001002F
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 0001009B
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 00010F61
.text C:\Windows\system32\svchost.exe[5448] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[5448] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[5448] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00070F75
.text C:\Windows\system32\svchost.exe[5448] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00070F9A
.text C:\Windows\system32\svchost.exe[5448] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 00070FC6
.text C:\Windows\system32\svchost.exe[5448] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00070FAB
.text C:\Windows\system32\svchost.exe[5448] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 0008003D
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00080058
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 00080FC0
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 0008001B
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00080F91
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00080FDB
.text C:\Windows\system32\svchost.exe[5448] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 0008002C
.text C:\Windows\system32\svchost.exe[5448] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 003A0FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ntdll.dll!NtCreateFile 773A55C8 5 Bytes JMP 00040000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ntdll.dll!NtCreateProcess 773A5698 5 Bytes JMP 00040025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ntdll.dll!NtProtectVirtualMemory 773A5F18 5 Bytes JMP 00040FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!GetStartupInfoA 77281E10 5 Bytes JMP 000800BD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateProcessW 7728204D 5 Bytes JMP 000800FA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateProcessA 77282082 5 Bytes JMP 00080F65
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateNamedPipeW 772B270F 5 Bytes JMP 00080FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!VirtualProtect 772C2341 5 Bytes JMP 00080076
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!LoadLibraryExW 772C4775 5 Bytes JMP 00080065
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!LoadLibraryExA 772C47FA 5 Bytes JMP 0008004A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateFileW 772CCC56 5 Bytes JMP 00080000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateFileA 772CCEE8 5 Bytes JMP 00080FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!GetProcAddress 772D33D3 5 Bytes JMP 00080F4A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateThread 772D375D 5 Bytes JMP 601C71CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!GetStartupInfoW 772D3891 5 Bytes JMP 000800CE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!LoadLibraryA 772D395C 5 Bytes JMP 0008001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!LoadLibraryW 772D3C01 5 Bytes JMP 00080F9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreatePipe 772E35B7 5 Bytes JMP 000800A2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!CreateNamedPipeA 7730D44F 5 Bytes JMP 00080FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!WinExec 7730E5FD 5 Bytes JMP 000800DF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] kernel32.dll!VirtualProtectEx 7730F5D9 5 Bytes JMP 00080091
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegOpenKeyA 7708CC15 5 Bytes JMP 00110000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegCreateKeyA 7708CD01 5 Bytes JMP 00110FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegCreateKeyExA 77091469 5 Bytes JMP 00110091
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegCreateKeyW 77091514 5 Bytes JMP 0011006C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegOpenKeyW 77092459 5 Bytes JMP 00110011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegCreateKeyExW 770940FE 5 Bytes JMP 00110FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegOpenKeyExW 7709468D 5 Bytes JMP 00110051
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ADVAPI32.dll!RegOpenKeyExA 77094907 5 Bytes JMP 0011002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] msvcrt.dll!_open 75B37E48 5 Bytes JMP 00120FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] msvcrt.dll!_wsystem 75B6B04F 5 Bytes JMP 00120022
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] msvcrt.dll!system 75B6B16F 5 Bytes JMP 00120F97
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] msvcrt.dll!_creat 75B6ED29 5 Bytes JMP 00120011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] msvcrt.dll!_wcreat 75B7038E 5 Bytes JMP 00120FB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] msvcrt.dll!_wopen 75B70570 5 Bytes JMP 00120000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!EnableWindow 77128D02 5 Bytes JMP 602098BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!CallNextHookEx 7712ABE1 5 Bytes JMP 60227A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!UnhookWindowsHookEx 7712ADF9 5 Bytes JMP 6024E9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!DefWindowProcA 7712BB1C 7 Bytes JMP 601C93F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!CreateWindowExA 7712BF40 5 Bytes JMP 601D3223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!SetWindowsHookExW 7712E30C 5 Bytes JMP 6020204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!CreateWindowExW 7712EC7C 5 Bytes JMP 6022FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!DefWindowProcW 7713507D 7 Bytes JMP 60227AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!DialogBoxParamW 77143B9B 5 Bytes JMP 601615E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!DialogBoxIndirectParamW 77153B7F 5 Bytes JMP 60355E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!DialogBoxParamA 7716CF42 5 Bytes JMP 60355E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!DialogBoxIndirectParamA 7716D274 5 Bytes JMP 60355EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!MessageBoxIndirectA 7717E869 5 Bytes JMP 60355DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!MessageBoxIndirectW 7717E963 5 Bytes JMP 60355D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!MessageBoxExA 7717E9C9 5 Bytes JMP 60355CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] USER32.dll!MessageBoxExW 7717E9ED 5 Bytes JMP 60355C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] ole32.dll!OleLoadFromStream 75CF6143 5 Bytes JMP 6035666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WININET.dll!HttpAddRequestHeadersA 76F21B9C 5 Bytes JMP 003D6A90
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WININET.dll!InternetOpenA 76F34E2B 5 Bytes JMP 00130000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WININET.dll!InternetOpenUrlA 76F3BFCE 5 Bytes JMP 0013002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WININET.dll!InternetOpenW 76F6C03E 5 Bytes JMP 0013001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WININET.dll!HttpAddRequestHeadersW 76F6F7A8 5 Bytes JMP 003D6C90
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WININET.dll!InternetOpenUrlW 76F9D722 5 Bytes JMP 00130FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!closesocket 758D3918 5 Bytes JMP 00AC000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!socket 758D3EB8 5 Bytes JMP 006B0FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!getaddrinfo 758D4296 5 Bytes JMP 00AF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!recv 758D6B0E 5 Bytes JMP 00A9000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!connect 758D6BDD 5 Bytes JMP 00AB000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!send 758D6F01 5 Bytes JMP 00AD000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6340] WS2_32.dll!gethostbyname 758E7673 5 Bytes JMP 00AE000A

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000062 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000091 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:316] 8736AE7A
Thread System [4:320] 8736D008

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f555d89
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f555d89 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:18 PM

Posted 21 June 2011 - 08:53 PM

Hi,

Are you using a router? If so, what make and model (i.e., Linksys WRT54G)?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#14 latenite

Posted 21 June 2011 - 08:56 PM

I'm doing my very best to not use my computer, but I attempted a web search today, and I'm still getting redirected. At least the Win 7 Home Security is not popping up anywhere. Hoping that you can find something in the GMER log. Thank you again for all of your time and help.

#15 RPMcMurphy

Posted 21 June 2011 - 09:03 PM

I think we cross posted - look up to my last post for a question I had for you.
