Google redirect (both FF and IE), no audio in browser


  • This topic is locked
30 replies to this topic

#1 ajohnson16

Posted 24 June 2011 - 09:45 AM

Hi all,

Working on a situation for my boss where he has a nasty malware problem that is redirecting all of his searches, as well as having no audio in his browser. I've tried several programs that I've known to work before and cannot seem to locate the problem.

Things I've done so far that have failed to resolve the issue:

  • Ran MalwareBytes, Super Anti Spyware and McAfee (each found things and they were quarantined)
  • Rebooted in Safe Mode, ran rKill (didn't stop any processes) and ran the three above again
  • Booted to Kaspersky Rescue Disk using USB drive and scanned, found more things, quarantined/deleted
  • Tried to run TDSSKiller, but it will not open, even if renamed to a random file and extension

Logs are below.

Regards,

Alex

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Run by User at 10:11:07 on 2011-06-24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.311 [GMT -5:00]
.
AV: McAfee® Security-as-a-Service Anti-virus *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.winegard.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=_N5AudU8mUJMdThx1AYh0SxVd-0
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uWindows: load=U??
?
uWindows: Run=U??
?
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110302082640.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\User\startm~1\programs\startup\qwestq~1.lnk - c:\program files\qwestquicknetworking\WebWorks.exe
StartupFolder: c:\docume~1\User\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jabrad~1.lnk - c:\program files\jabra\jabra pc suite\JabraDeviceService.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-disallowrun: 1 = winampa.exe
mPolicies-system: disablecad = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - hxxp://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300288262093
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300288247515
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A6CB1285-C23D-11D5-9FC8-0000F87AB538} - hxxp://www.magtek.com/support/software/downloads/sw/99510076.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://winegardmvp.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{7553DD3A-1333-4F39-85D9-69A1E1180C38} : NameServer = 10.1.10.247,10.1.10.248
TCP: Interfaces\{C6BCE383-D496-434B-9122-AB9C1B9C519C} : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 10.1.10.100 wgrdburl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\User\application data\mozilla\firefox\profiles\28a0p3hj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\User\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\User\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-12 436728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-12 88544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 Intuit Entitlement Service v5.3;Intuit Entitlement Service v5.3;c:\program files\common files\intuit\entitlement client\v5.3\server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2008-7-29 20480]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2010-10-15 324928]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-15 159320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-15 145936]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-6-28 28952920]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-3-2 291064]
R2 QBCRPDBService2010;QBCRPDBService2010;c:\program files\intuit\quickbooks cash register plus 2010\bin\database\CRP1DBMgr10.exe [2007-9-2 131072]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-3-2 291064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-12 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-12 58456]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2007-9-28 90112]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-7-15 6016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-12 85152]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-9-28 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-15 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-7-15 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-7-15 9472]
S3 PortEmulator;Port Emulator (Star);c:\program files\starmicronics\tsp100\software\20070601\portemu.exe [2007-5-27 98304]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2010-4-7 828288]
S3 vtcdrv;VTC Driver v5.00;c:\windows\system32\drivers\vtcdrv.sys [2010-5-25 18688]
.
=============== Created Last 30 ================
.
2011-06-23 16:04:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-06-21 16:18:20 388096 ----a-r- c:\documents and settings\User\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-21 16:18:15 -------- d-----w- c:\program files\Trend Micro
2011-06-20 19:02:43 -------- d-----w- c:\documents and settings\User\application data\SUPERAntiSpyware.com
2011-06-20 19:02:43 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-20 19:02:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-20 15:59:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-20 15:59:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-13 13:26:44 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-06-13 13:26:12 -------- d-----w- c:\program files\common files\xing shared
2011-06-13 13:25:39 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-06-13 13:25:25 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-05-31 13:09:37 -------- d-----w- c:\program files\LogMeIn Hamachi
.
==================== Find3M ====================
.
2011-06-17 13:06:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 10:20:26.17 ===============

GMER Log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-24 13:27:35
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721060G9SA00 rev.MC3OC10H
Running: dcsnl6yj.exe; Driver: C:\DOCUME~1\jhoff\LOCALS~1\Temp\kxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA5D23620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF72A70C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF72A70D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF72A7100]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72A7156]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF72A70AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72A7084]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72A7098]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF72A70EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF72A712C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF72A7116]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF72A7180]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF72A716C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF72A7140]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504ABC 7 Bytes JMP F72A7144 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E34 7 Bytes JMP F72A715A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C42 2 Bytes JMP F72A7170 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection + 3 805B1C45 2 Bytes [CF, 76]
PAGE ntkrnlpa.exe!NtSetSecurityObject 805BED70 5 Bytes JMP F72A7130 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA156 5 Bytes JMP F72A7088 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3E2 5 Bytes JMP F72A709C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1680 1 Byte [E9]
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1680 5 Bytes JMP F72A7184 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80620C66 7 Bytes JMP F72A711A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621FCC 7 Bytes JMP F72A70EE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806225A6 5 Bytes JMP F72A70C4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A36 7 Bytes JMP F72A70D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622C06 7 Bytes JMP F72A7104 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8062393C 5 Bytes JMP F72A70B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text KDCOM.DLL!KdSendPacket F79BE345 6 Bytes [FA, 8D, 46, 01, 25, FF]
.text KDCOM.DLL!KdSendPacket F79BE34D 5 Bytes [80, 79, 07, 48, 0D]
.text KDCOM.DLL!KdSendPacket F79BE353 29 Bytes [FF, FF, FF, 40, 0F, B6, F0, ...]
.text KDCOM.DLL!KdSendPacket F79BE371 28 Bytes [FF, FF, FF, 42, 0F, B6, FA, ...]
.text KDCOM.DLL!KdD0Transition + 8 F79BE38E 17 Bytes [08, 03, 55, F8, 03, D8, 81, ...]
.text KDCOM.DLL!KdD0Transition + 1A F79BE3A0 42 Bytes [FF, FF, FF, 43, 0F, B6, C3, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 25 F79BE3CB 6 Bytes [00, C9, C2, 08, 00, 55] {ADD CL, CL; RET 0x8; PUSH EBP}
.text KDCOM.DLL!KdDebuggerInitialize0 + 2C F79BE3D2 23 Bytes [EC, 83, C8, FF, 83, 7D, 08, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 44 F79BE3EA 162 Bytes [42, 5E, F6, C1, 01, 74, 0A, ...]
.text KDCOM.DLL!KdRestore + 2D F79BE48D 1 Byte [43]
.text KDCOM.DLL!KdRestore + 2D F79BE48D 77 Bytes [43, 08, 89, 45, FC, 8B, 55, ...]
.text KDCOM.DLL!KdRestore + 7C F79BE4DC 25 Bytes [C9, C2, 08, 00, 55, 8B, EC, ...]
.text KDCOM.DLL!KdRestore + 97 F79BE4F7 21 Bytes [89, 06, 89, 46, 08, 89, 46, ...]
.text KDCOM.DLL!KdRestore + 19F F79BE5FF 118 Bytes [68, 3B, E6, 9B, F7, FF, 15, ...]
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 2 F79BEF4E 205 Bytes [F0, 8D, 45, FC, 50, 53, 56, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D0 F79BF01C 2 Bytes [75, 0E] {JNZ 0x10}
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F79BF01F 1 Byte [C0]
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F79BF01F 103 Bytes [C0, 02, 83, C2, 02, 84, DB, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 13B F79BF087 131 Bytes [7D, 0C, B8, 4D, 5A, 00, 00, ...]
PAGEKD ...
? C:\DOCUME~1\jhoff\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[464] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091002C
.text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 00910011
.text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00900F59
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00900058
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0090003D
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00900022
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00900011
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00900075
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00900F2D
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009000BC
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009000AB
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00900F08
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00900F80
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00900FDB
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00900F3E
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00900FAF
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00900FC0
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0090009A
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950FD4
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0095006C
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00950FE5
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0095001B
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00950051
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00950040
.text C:\WINDOWS\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00950FB9
.text C:\WINDOWS\system32\svchost.exe[716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940031
.text C:\WINDOWS\system32\svchost.exe[716] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940F9C
.text C:\WINDOWS\system32\svchost.exe[716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940FC8
.text C:\WINDOWS\system32\svchost.exe[716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940FB7
.text C:\WINDOWS\system32\svchost.exe[716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940FE3
.text C:\WINDOWS\system32\svchost.exe[716] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[716] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[716] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00920FC3
.text C:\WINDOWS\system32\svchost.exe[716] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00920014
.text C:\WINDOWS\system32\svchost.exe[716] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A3002C
.text C:\WINDOWS\system32\services.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3001B
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A10F83
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A10078
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A10F9E
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A1005B
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A10F50
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A10F61
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A10F24
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A10F35
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A10F13
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A10F72
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\services.exe[880] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A100B3
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01120040
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01120FB2
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01120025
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01120FEF
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01120065
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01120000
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 01120FC3
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [32, 89]
.text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01120FD4
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0069
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF004E
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0033
.text C:\WINDOWS\system32\services.exe[880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[880] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01480FEF
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01480FD4
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0148000A
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01470FE5
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 014700AE
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01470089
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01470FAF
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0147006C
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01470036
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 014700BF
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01470F77
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01470106
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 014700EB
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 0147012B
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01470047
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01470000
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01470F9E
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01470FC0
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0147001B
.text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 014700DA
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014B0FD4
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014B005E
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014B002F
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014B0014
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 014B0FA1
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 014B0FEF
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 014B0FB2
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [6B, 89]
.text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 014B0FC3
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 014A0FB5
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!system 77C293C7 5 Bytes JMP 014A0FC6
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014A001B
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014A0FEF
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 014A0036
.text C:\WINDOWS\system32\lsass.exe[892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014A0000
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01490FE5
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009C0FC0
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009B0F4D
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009B0F68
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009B0F83
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009B0F9E
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009B0036
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009B0F04
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009B0F21
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009B0EA9
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009B0EC4
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009B005D
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009B0F3C
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009B0025
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009B0EDF
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FC0
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F65
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FDB
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009F0F80
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 009F0FA5
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009F002C
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FA8
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FCD
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E002C
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E003D
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0082
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE0067
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE0040
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE0F83
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE00CB
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE00AE
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE00ED
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0F54
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00BE00FE
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00BE0093
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00BE00DC
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20FC3
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C2005E
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00C20FA1
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00C20039
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00C20FB2
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10F99
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C1002E
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FD9
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C1000C
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FC8
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C1001D
.text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\Explorer.EXE[1232] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DA0000
.text C:\WINDOWS\Explorer.EXE[1232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\Explorer.EXE[1232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80000
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D80F5F
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D80F70
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D80F8D
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D80F9E
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D80040
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D8007B
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D80F33
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D800AE
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D8009D
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00D800C9
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00D80FB9
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00D80F44
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00D8001B
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00D8008C
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20051
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F2001B
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20000
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00F20F94
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00F20FE5
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00F20036
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00F20FAF
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F1003B
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10FB0
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F1000C
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10FE3
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10FC1
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FD2
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E70FDE
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E70FC3
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E70FB2
.text C:\WINDOWS\Explorer.EXE[1232] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E80000
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 002700AE
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0027009D
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0027008C
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00270FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00270FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 002700E4
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00270F92
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00270109
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00270F70
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00270F5F
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00270065
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 002700C9
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00270040
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00270F81
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A002C
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 003A0F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 003A0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 003A0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [5A, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 003A0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003B0036
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 003B0FB5
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003B0011
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003B0FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003B0FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0101000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D60FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!send 71AB428A 5 Bytes JMP 00FF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 0100000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00F3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01026B30
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01026D30
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DB0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DB0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DB0011
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00DB0FCA
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 032F0FEF
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 032F0011
.text C:\WINDOWS\System32\svchost.exe[1424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 032F0000
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 032E0FEF
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 032E0F5C
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 032E0F77
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 032E0F88
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 032E0051
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 032E0FC0
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 032E0076
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 032E0F3A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 032E00BD
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 032E00AC
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 032E00CE
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 032E0FAF
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 032E0014
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 032E0F4B
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 032E0036
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 032E0025
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!WinExec 7C86158D 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 032E0091
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0409002C
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04090051
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04090FD1
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04090011
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 04090F94
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 04090000
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 04090FA5
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [29, 8C]
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 04090FC0
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04080FB9
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!system 77C293C7 5 Bytes JMP 04080044
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04080FEF
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04080000
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04080FD4
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0408001D
.text C:\WINDOWS\System32\svchost.exe[1424] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 04070FEF
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04060000
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04060025
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 04060036
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 04060FE5
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00810FDB
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00810011
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00800FE5
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A5D 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00800F61
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00800056
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00800F72
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0080002F
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00800F9E
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00800096
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0080007B
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00800F0E
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00800F1F
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008000C2
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00800F83
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00800000
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00800F50
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00800FAF
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00800FCA
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008000A7
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00830FCA
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00830062
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0083001B
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00830000
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00830051
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00830FA5
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [A3, 88]
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00830036
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00820038
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00820FAD
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0082000C
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0082001D
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00820FD2
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C90F6C
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C9006B
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C90F91
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C90FA2
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C90044
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C90099
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C90F51
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C90EF6
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C90F1B
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C900AA
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C90FBD
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C90011
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C9007C
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C90033
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C90022
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C90F2C
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01480FD4
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0148006C
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01480FEF
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01480025
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01480051
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01480000
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 01480040
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01480FB9
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01470075
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!system 77C293C7 5 Bytes JMP 0147005A
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0147002E
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01470000
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0147003F
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0147001D
.text C:\WINDOWS\system32\svchost.exe[1584] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01460000
.text C:\WINDOWS\system32\svchost.exe[1584] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01450000
.text C:\WINDOWS\system32\svchost.exe[1584] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01450011
.text C:\WINDOWS\system32\svchost.exe[1584] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01450022
.text C:\WINDOWS\system32\svchost.exe[1584] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01450033
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD0FD4
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD0014
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AC0095
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AC0084
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AC0FAA
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AC0073
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AC0047
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AC00C6
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AC0F7E
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AC010D
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AC00F2
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00AC0F59
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00AC0058
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00AC0F8F
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00AC00D7
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B1002F
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B10F9E
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B1000A
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B10FDE
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00B10FAF
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00B1005B
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00B10040
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B00081
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B00066
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B0003A
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B0004B
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B00029
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AE0014
.text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AE0025
.text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00AE0FDE
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990FD4
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00980F6F
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00980F80
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00980F9B
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00980058
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00980036
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00980F28
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00980F39
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00980F06
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00980095
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009800BA
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00980047
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0098001B
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00980F54
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00980FCA
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00980FDB
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00980F17
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0FC0
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0F79
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009C0040
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 009C0F94
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [BC, 88]
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009C0FA5
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B005D
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0042
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0FE3
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0FD2
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0011
.text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009A0000
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015001B
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00270FEF
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 002700A7
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00270096
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0027007B
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00270054
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00270FC3
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 002700D5
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00270F8D
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00270F57
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00270F68
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 0027010B
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00270FB2
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0027000A
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 002700B8
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00270FD4
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0027002F
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 002700E6
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036001B
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F83
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0036000A
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FDE
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00360F9E
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00360FEF
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00360FAF
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [56, 88]
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0036002C
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F90
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] msvcrt.dll!system 77C293C7 5 Bytes JMP 0037001B
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370000
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FE3
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FAB
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FC6
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 012B000A
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 012B0FE5
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 012B0FCA
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[2088] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 012B0FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 344B0FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 344B0011
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 344B0000
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 344A0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 344A0F81
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 344A0F92
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 344A006C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 344A0051
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 344A0025
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 344A00C2
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 344A0F70
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 344A0F1F
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 344A0F44
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 344A00D3
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 344A0036
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 344A0FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 344A0091
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 344A0FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 344A000A
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 344A0F55
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 43910FB4
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 43910FCF
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 4391002E
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 43910000
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 4391003F
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 4391001D
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 34490FB2
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 34490068
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 34490FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 34490FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 34490FA1
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 34490FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 34490039
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 34490028
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2144] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 344C0FEF
.text C:\WINDOWS\System32\svchost.exe[2908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[2908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006E0FDE
.text C:\WINDOWS\System32\svchost.exe[2908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006D0F52
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006D0051
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006D0F6D
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006D0F8A
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006D0022
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006D0F37
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006D0073
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006D00BF
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006D00AE
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006D0F0B
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006D0F9B
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006D0062
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006D0011
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006D0FCA
.text C:\WINDOWS\System32\svchost.exe[2908] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006D0F26
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0014
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C004A
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C0FCD
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C0FDE
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 006C0F83
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 006C0F94
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [8C, 88]
.text C:\WINDOWS\System32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 006C0025
.text C:\WINDOWS\System32\svchost.exe[2908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00700FAD
.text C:\WINDOWS\System32\svchost.exe[2908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00700038
.text C:\WINDOWS\System32\svchost.exe[2908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00700FD2
.text C:\WINDOWS\System32\svchost.exe[2908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0070000C
.text C:\WINDOWS\System32\svchost.exe[2908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00700027
.text C:\WINDOWS\System32\svchost.exe[2908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[2908] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[2972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[2972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\System32\svchost.exe[2972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E001B
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006D007D
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006D006C
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006D0F9E
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006D0FAF
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006D0040
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006D00B5
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006D0F6D
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006D0F3E
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006D00E1
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006D00F2
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006D0051
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006D0098
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006D0FCA
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006D001B
.text C:\WINDOWS\System32\svchost.exe[2972] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006D00C6
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0FC3
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C0F8D
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C0FD4
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 006C0F9E
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 006C0040
.text C:\WINDOWS\System32\svchost.exe[2972] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 006C002F
.text C:\WINDOWS\System32\svchost.exe[2972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00700038
.text C:\WINDOWS\System32\svchost.exe[2972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00700FAD
.text C:\WINDOWS\System32\svchost.exe[2972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0070000C
.text C:\WINDOWS\System32\svchost.exe[2972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[2972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0070001D
.text C:\WINDOWS\System32\svchost.exe[2972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00700FD2
.text C:\WINDOWS\System32\svchost.exe[2972] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[3552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[3552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FDB
.text C:\WINDOWS\system32\svchost.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A50011
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A40F77
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A40F88
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A40062
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A40FA5
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A400A2
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A40091
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A40F1A
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A40F35
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A40EFF
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A40047
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A40F66
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[3552] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A400B3
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FA8
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30054
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30FC3
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00A3002F
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00A30FE5
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00A30F8D
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [C3, 88]
.text C:\WINDOWS\system32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\svchost.exe[3552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20F9E
.text C:\WINDOWS\system32\svchost.exe[3552] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20033
.text C:\WINDOWS\system32\svchost.exe[3552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FDE
.text C:\WINDOWS\system32\svchost.exe[3552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[3552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FC3
.text C:\WINDOWS\system32\svchost.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20018
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00270058
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00270047
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00270F79
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00270F94
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00270FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0027009F
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00270084
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 002700B0
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00270F21
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00270EFC
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00270FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00270073
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0027002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00270F32
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003A0039
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003A0076
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003A001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003A0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 003A0065
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 003A0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 003A0054
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 003A0FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003B004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] msvcrt.dll!system 77C293C7 5 Bytes JMP 003B003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003B0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003B0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003B0FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003B0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB1037 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 46CB0EA6 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!connect 71AB406A 5 Bytes JMP 46CB0F36 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!send 71AB428A 5 Bytes JMP 46CB130D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 004C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!recv 71AB615A 5 Bytes JMP 46CB1B86 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 46CB1895 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01026B30
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01026D30
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0FAF
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00140000
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00140FD4
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00140FE5
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00260FEF
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00260082
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00260071
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00260F97
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00260054
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00260FA8
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 002600C4
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0026009D
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00260F57
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002600E6
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00260F3C
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0026002F
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0026000A
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00260F72
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00260FC3
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00260FD4
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 002600D5
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FB2
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350043
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FC3
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FD4
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00350F90
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00350FEF
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00350032
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00350FA1
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FB7
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FC8
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036001D
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360038
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FE3
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 058B000A
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 05930000
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 05930FDB
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 05930FCA
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4600] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 05930FB9
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015001B
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00270000
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00270F5C
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00270F6D
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00270F8A
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00270047
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0027002C
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00270089
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0027006C
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00270F1C
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002700B5
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00270F01
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00270FA5
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00270FE5
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00270F41
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00270FC0
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0027001B
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 002700A4
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] MSVCRT.dll!_wsystem 77C2931E 5 Bytes JMP 00370FB7
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] MSVCRT.dll!system 77C293C7 5 Bytes JMP 00370038
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] MSVCRT.dll!_creat 77C2D40F 5 Bytes JMP 00370FC8
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] MSVCRT.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] MSVCRT.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037001D
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] MSVCRT.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380FC3
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380051
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0038000A
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380FD4
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00380036
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00380FE5
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00380F94
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [58, 88]
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00380025
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 06C0000A
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 06C0001B
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 06C0002C
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 06C00FDB
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5620] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0CD80000
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 00AE6520 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 00AE69F0 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 00AE69B0 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 00AE6980 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 00AE64F0 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!free 77C2C21B 5 Bytes JMP 00AE68D0 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 00AE64E0 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)
.text C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe[6084] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 00AE6900 C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe (Crystal Reports/Business Objects)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat 9C489C8A

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:112] 86EDDF6A

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Edited by ajohnson16, 24 June 2011 - 01:29 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:27 AM

Posted 30 June 2011 - 01:23 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 ajohnson16

ajohnson16
  • Topic Starter

  • Members
  • 16 posts
  • Local time:10:27 PM

Posted 30 June 2011 - 02:55 PM

I appreciate the assistance, Gringo. Here are the logs below, but I did want to let you know that when attempting to run RKUnHooker, the following prompt appeared:

Posted Image

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Run by user at 13:41:36 on 2011-06-30
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.275 [GMT -5:00]
.
AV: McAfee® Security-as-a-Service Anti-virus *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Business Objects\Crystal Reports 11\crw32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.winegard.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=_N5AudU8mUJMdThx1AYh0SxVd-0
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uWindows: load=U??
?
uWindows: Run=U??
?
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110302082640.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\user\startm~1\programs\startup\qwestq~1.lnk - c:\program files\qwestquicknetworking\WebWorks.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jabrad~1.lnk - c:\program files\jabra\jabra pc suite\JabraDeviceService.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-disallowrun: 1 = winampa.exe
mPolicies-system: disablecad = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - hxxp://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300288262093
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300288247515
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A6CB1285-C23D-11D5-9FC8-0000F87AB538} - hxxp://www.magtek.com/support/software/downloads/sw/99510076.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://winegardmvp.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{7553DD3A-1333-4F39-85D9-69A1E1180C38} : NameServer = 10.1.10.247,10.1.10.248
TCP: Interfaces\{C6BCE383-D496-434B-9122-AB9C1B9C519C} : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 10.1.10.100 wgrdburl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\28a0p3hj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\user\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-12 436728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-12 88544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 Intuit Entitlement Service v5.3;Intuit Entitlement Service v5.3;c:\program files\common files\intuit\entitlement client\v5.3\server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2008-7-29 20480]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2010-10-15 324928]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-15 159320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-15 145936]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-6-28 28952920]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-3-2 291064]
R2 QBCRPDBService2010;QBCRPDBService2010;c:\program files\intuit\quickbooks cash register plus 2010\bin\database\CRP1DBMgr10.exe [2007-9-2 131072]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-3-2 291064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-12 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-12 58456]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2007-9-28 90112]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-7-15 6016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-12 85152]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-9-28 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-15 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-7-15 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-7-15 9472]
S3 PortEmulator;Port Emulator (Star);c:\program files\starmicronics\tsp100\software\20070601\portemu.exe [2007-5-27 98304]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2010-4-7 828288]
S3 vtcdrv;VTC Driver v5.00;c:\windows\system32\drivers\vtcdrv.sys [2010-5-25 18688]
.
=============== Created Last 30 ================
.
2011-06-23 16:04:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-06-21 16:18:20 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-21 16:18:15 -------- d-----w- c:\program files\Trend Micro
2011-06-20 19:02:43 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2011-06-20 19:02:43 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-20 19:02:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-20 15:59:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-20 15:59:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-13 13:26:44 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-06-13 13:26:12 -------- d-----w- c:\program files\common files\xing shared
2011-06-13 13:25:39 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-06-13 13:25:25 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
.
==================== Find3M ====================
.
2011-06-17 13:06:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:50:24.06 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/21/2006 11:31:34 AM
System Uptime: 6/30/2011 8:02:43 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0TD761
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1664/133mhz
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1664/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 5.068 GiB free.
D: is CDROM (CDFS)
S: is NetworkDisk (NTFS) - 1026 GiB total, 285.596 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1390 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&360A6DE&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1390 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&360A6DE&0&00E1
Service: BCM43XX
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2035n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2035n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro K5400
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet Pro K5400
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro K5400
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Officejet Pro K5400
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro K8600
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: HP
Name: Officejet Pro K8600
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp color LaserJet 3500
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 3500
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P4515
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4515
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet Professional M1212nf MFP
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: HP LaserJet Professional M1212nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
==== System Restore Points ===================
.
RP4205: 6/24/2011 1:08:39 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4206: 6/24/2011 1:11:23 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4207: 6/24/2011 1:46:28 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4208: 6/24/2011 1:57:21 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4209: 6/24/2011 2:22:14 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4210: 6/24/2011 2:33:24 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4211: 6/24/2011 2:44:41 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4212: 6/24/2011 3:37:22 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4213: 6/24/2011 3:54:33 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4214: 6/24/2011 4:03:12 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4215: 6/24/2011 4:04:04 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4216: 6/29/2011 8:05:28 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4217: 6/29/2011 8:08:25 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4218: 6/29/2011 8:20:05 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4219: 6/29/2011 9:25:59 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4220: 6/29/2011 9:26:31 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4221: 6/29/2011 9:29:18 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4222: 6/29/2011 9:31:50 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4223: 6/29/2011 11:59:08 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4224: 6/29/2011 12:12:46 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4225: 6/29/2011 12:32:35 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4226: 6/29/2011 12:39:27 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4227: 6/29/2011 1:01:40 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4228: 6/29/2011 1:05:01 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4229: 6/29/2011 1:08:03 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4230: 6/29/2011 1:53:30 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4231: 6/29/2011 2:11:41 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4232: 6/29/2011 2:25:57 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4233: 6/29/2011 2:29:29 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4234: 6/29/2011 2:45:27 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4235: 6/29/2011 4:12:36 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4236: 6/29/2011 4:24:19 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4237: 6/29/2011 4:52:22 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4238: 6/29/2011 6:50:14 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4239: 6/29/2011 6:55:00 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4240: 6/29/2011 7:38:40 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4241: 6/29/2011 7:43:31 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4242: 6/29/2011 7:53:35 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4243: 6/29/2011 8:11:28 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4244: 6/30/2011 8:09:22 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4245: 6/30/2011 8:16:06 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4246: 6/30/2011 8:19:36 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4247: 6/30/2011 8:32:04 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4248: 6/30/2011 8:33:26 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4249: 6/30/2011 8:57:11 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4250: 6/30/2011 8:58:27 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4251: 6/30/2011 9:08:00 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4252: 6/30/2011 9:41:36 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4253: 6/30/2011 10:10:10 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4254: 6/30/2011 10:19:19 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4255: 6/30/2011 10:57:37 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4256: 6/30/2011 11:12:04 AM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4257: 6/30/2011 12:13:30 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4258: 6/30/2011 12:16:13 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4259: 6/30/2011 12:26:02 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4260: 6/30/2011 12:26:31 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4261: 6/30/2011 12:48:48 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
RP4262: 6/30/2011 12:51:39 PM - Printer Driver HP Officejet Pro L7600 Series fax Installed
.
==== Installed Programs ======================
.
2Wire Wireless Client
32 Bit HP CIO Components Installer
470_Help
470_Readme
7500_7600_7700_Help1
Acrobat.com
ACT!
ACT! Premium
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 7.0.9
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
AVerMedia M039 USB Hybrid DVB-T 1.3.0.67
AVerMedia MCE Encoder x86 3.0.1.6
AVerTV
BCMS Vu R2 Client
Bing Bar
Bing Bar Platform
BitTorrent
BPD_HPSU
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
Broadcom Advanced Control Suite
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CASIO USB Driver V1.2.2474.0623
CITIZEN JPOS Thermal Printer
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Crystal Reports XI
CT-S300 x32 v157
CT-S310 x32 v1581
CustomerResearchQFolder
Dell Wireless WLAN Card
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DVD Decrypter (Remove Only)
FedEx Desktop Customer Tools
ffdshow [rev 2527] [2008-12-19]
Google Earth
Google Update Helper
Google Updater
GoToMeeting 4.1.0.366
H470
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Color LaserJet 8550 Uninstaller
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP Officejet H470 Series
HP OfficeJet L7300/L7500/7600/7700
HP Officejet Pro K5300/5400 Series
HP Smart Web Printing
HP Update
HPSSupply
IBM iSeries Access for Windows
IBM iSeries Access for Windows SI16915
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jabra PC Suite 2.4.7
Java™ 6 Update 16
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
L7000_Basic
LG Android Drivers
LG USB Modem driver
LogMeIn Hamachi
MagTek ActiveX Component for USB HID Device
MagTek IntelliConfig 1.04
MagTek USBMSR 1.08
Malwarebytes' Anti-Malware
MAPICS XA Client Architecture (Release 6)
MarketResearch
McAfee Browser Protection Service
McAfee SiteAdvisor Enterprise Plus
McAfee Virus and Spyware Protection Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Modem Helper
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.7.1
Move Media Player
Mozilla Firefox (3.6.12)
MPM
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NetWaiting
Network
NTRU Hybrid TSS v2.0.25
Pantech Handset Driver
Photo Story 3 for Windows
PowerDVD 5.7
PremiumSoft Navicat
PremiumSoft Navicat 8.0 for MySQL
ProductContext
PSI XML Tools Interface
QuickBooks Cash Register Plus 2010
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Status
SUPERAntiSpyware
Toolbox
TrayApp
TSP100 Setup Version 3.0.0
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon V CAST Media Manager
Videora iPod Converter 3.07
Visual C++ 8.0 x86 Runtime Setup Package
VNC Enterprise Edition E4.2.9
WebEx
WebFldrs XP
WebReg
Windows Driver Package - MagTek (MTIMUSB) Ports (01/16/2007 1.10.0005.0)
Windows Driver Package - MAGTEK USB (01/16/2007 1.10.0005.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/29/2011 8:03:42 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).
6/29/2011 8:03:42 AM, error: Service Control Manager [7022] - The NTRU Hybrid TSS v2.0.25 TCS service hung on starting.
6/29/2011 1:01:12 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
6/24/2011 8:10:24 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer vmserver2003.Winegard1.pri using any of the configured protocols.
6/24/2011 11:56:59 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/23/2011 1:35:47 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BGARC2 that believes that it is the master browser for the domain on transport NwlnkNb. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6DB0000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1368064 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA91DB000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC)
0xA8FE8000 C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xA8EF1000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF71C4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9E031000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7268000 mfehidk.sys 430080 bytes (McAfee, Inc., McAfee Link Driver)
0xF6BDC000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA4CD6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9DC21000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9DCF0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA90DF000 C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF6C35000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF738F000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7197000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9DDD1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9A46A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9E0A0000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6C8E000 C:\WINDOWS\system32\drivers\mfeavfk.sys 163840 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x9E10F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF731B000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6D76000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xF6D53000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 143360 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xF6CDE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9BE45000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF6D30000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9E0ED000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA91B9000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9E0CB000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9E15F000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134272 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF72E3000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7341000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7360000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF6D15000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 110592 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x9CF53000 C:\WINDOWS\system32\drivers\mfeapfk.sys 110592 bytes (McAfee, Inc., Access Protection Filter Driver)
0xF717C000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7303000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9E019000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7251000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6CC7000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9E003000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0x9DF43000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA4CC2000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 81920 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF6D01000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6D9C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA4D2E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72D1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF737E000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6CB6000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA4E0B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA96B4000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF76EE000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF767E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF770E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9FE25000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA96A4000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x9FDD5000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF751E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF74FE000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA4DBB000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF76DE000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF766E000 C:\WINDOWS\system32\drivers\mfebopk.sys 53248 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF772E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74DE000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF753E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9E26D000 C:\WINDOWS\system32\DRIVERS\usbccid.sys 49152 bytes (Microsoft Corporation, USB CCID Driver)
0xF76FE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74CE000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF752E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF771E000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xF6F7E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF755E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9AB40000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF74EE000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9FDE5000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0x9FE05000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76CE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF74BE000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF754E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9FDF5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9FE15000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF788E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77E6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0x9F9E5000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7826000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF783E000 C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF773E000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78C6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA5C7F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xA8C48000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF777E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF775E000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xA776F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xA4DA9000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xA5C87000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77A6000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xF77BE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77AE000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF7746000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7796000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF774E000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF779E000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF778E000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77B6000 C:\WINDOWS\system32\DRIVERS\vsb.sys 20480 bytes (ELTIMA Software, Virtual Serial Bus)
0xA5987000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF796E000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xF78D6000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7996000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA5941000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xA8872000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xA59FF000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0x9DC09000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF711B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9FCBD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF799A000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9E15B000 C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xF78CE000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF78D2000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA56A8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA06EA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA8882000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF79A2000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA5939000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79BE000 00000027 8192 bytes
0xF7A0E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xA5A41000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A0A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A40000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF79BE000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A10000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A14000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A0C000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7A12000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A28000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79C0000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B9B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA83D7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA7A11000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A86000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x86F08908 00000222 0 bytes
==============================================
>Stealth
==============================================
0x86EFF35C Unknown page with executable code, 3236 bytes
0x86EFEF6A Unknown thread object [ ETHREAD 0x86EF7860 ] TID: 112, 600 bytes
0x86EFCFB5 Unknown page with executable code, 75 bytes

#4 gringo_pr

Posted 30 June 2011 - 03:58 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ajohnson16

Posted 30 June 2011 - 04:56 PM

Having issues running the utility as we can't get McAfee Security As A Service disabled, as we don't have login information. I believe it's fighting with ComboFix as McAfee SaaS tried to manage several files as it was running. The problem is that I don't believe he has a true administrator account (company computer) so we're going to have to get the correct information to disable McAfee.

I appreciate your help so far and will chime back in when we get a chance.

#6 gringo_pr

Posted 30 June 2011 - 05:07 PM

Hello

Let's run this first then.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 ajohnson16

Posted 01 July 2011 - 10:11 AM

I will try running TDSS Killer again, but as I noted in the original post, it won't run.

We tried running ComboFix in Safe Mode and it will run halfway through before freezing at the following point:

Posted Image

#8 gringo_pr

Posted 01 July 2011 - 10:17 AM

Hello

Please run TDSSKiller; it has been updated. If it won't run, then let me know.


gringo

#9 ajohnson16

Posted 01 July 2011 - 10:36 AM

TDSS log

2011/07/01 10:27:37.0812 5420 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/01 10:27:38.0187 5420 ================================================================================
2011/07/01 10:27:38.0187 5420 SystemInfo:
2011/07/01 10:27:38.0187 5420
2011/07/01 10:27:38.0187 5420 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/01 10:27:38.0187 5420 Product type: Workstation
2011/07/01 10:27:38.0187 5420 ComputerName: JHOFF
2011/07/01 10:27:38.0187 5420 UserName: jhoff
2011/07/01 10:27:38.0187 5420 Windows directory: C:\WINDOWS
2011/07/01 10:27:38.0187 5420 System windows directory: C:\WINDOWS
2011/07/01 10:27:38.0187 5420 Processor architecture: Intel x86
2011/07/01 10:27:38.0187 5420 Number of processors: 2
2011/07/01 10:27:38.0187 5420 Page size: 0x1000
2011/07/01 10:27:38.0187 5420 Boot type: Normal boot
2011/07/01 10:27:38.0187 5420 ================================================================================
2011/07/01 10:27:38.0187 5420 SetPrivileges failed!
2011/07/01 10:27:39.0968 5420 Initialize success
2011/07/01 10:27:47.0375 5116 ================================================================================
2011/07/01 10:27:47.0375 5116 Scan started
2011/07/01 10:27:47.0375 5116 Mode: Manual;
2011/07/01 10:27:47.0375 5116 ================================================================================
2011/07/01 10:28:09.0437 5116 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/01 10:28:09.0609 5116 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/07/01 10:28:09.0609 5116 Boot (0x1200) (6c470e0a252a4e422dda10d0db1642d9) \Device\Harddisk0\DR0\Partition0
2011/07/01 10:28:09.0625 5116 ================================================================================
2011/07/01 10:28:09.0625 5116 Scan finished
2011/07/01 10:28:09.0625 5116 ================================================================================
2011/07/01 10:28:09.0640 5300 Detected object count: 1
2011/07/01 10:28:09.0640 5300 Actual detected object count: 1
2011/07/01 10:28:28.0640 5300 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:27 AM

Posted 01 July 2011 - 11:10 AM

hello

looks like you skipped the fix - rerun again and allow it to cure



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
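How the reading in the reply above ("looks like you skipped the fix") falls out of the posted log, as an added example that is not part of the thread and not a Kaspersky tool: a small Python parser that extracts detections and the recorded user action from a TDSSKiller log. The line patterns are inferred only from the log lines on this page, and all function and class names are made up for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
2011/07/01 10:27:47.0375 5116 Scan started
2011/07/01 10:28:09.0437 5116 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/01 10:28:09.0609 5116 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/07/01 10:28:09.0609 5116 Boot (0x1200) (6c470e0a252a4e422dda10d0db1642d9) \Device\Harddisk0\DR0\Partition0
2011/07/01 10:28:09.0625 5116 Scan finished
2011/07/01 10:28:09.0640 5300 Detected object count: 1
2011/07/01 10:28:09.0640 5300 Actual detected object count: 1
2011/07/01 10:28:28.0640 5300 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip
"""

# Assumed line layout (from the excerpt): date, time.fraction, thread id, message.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (.*)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \((?P<code>\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
ACTION_RE = re.compile(
    r"^(?P<name>[^\s(]+)\((?P<obj>.+)\) - User select action: (?P<action>.+)$"
)


@dataclass
class Finding:
    obj: str                      # scanned object the detection refers to
    name: str                     # detection name as written in the log
    action: Optional[str] = None  # action recorded for it, if any

    @property
    def on_raw_disk(self) -> bool:
        # \Device\HarddiskN\... names a disk device, not a file on the volume,
        # so file-level scanners and quarantine do not reach it.
        return self.obj.startswith("\\Device\\Harddisk")


def parse_log(text: str) -> Tuple[List[Finding], Optional[int]]:
    """Return (findings, count reported by the tool) for one scan log."""
    findings: List[Finding] = []
    reported: Optional[int] = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or wrapped line
        msg = line.group(1)
        if (d := DETECT_RE.match(msg)):
            findings.append(Finding(d["obj"], d["name"]))
        elif (c := COUNT_RE.match(msg)):
            reported = int(c.group(1))
        elif (a := ACTION_RE.match(msg)):
            # Attach the action to the first matching finding without one.
            for f in findings:
                if f.obj == a["obj"] and f.name == a["name"] and f.action is None:
                    f.action = a["action"].strip()
                    break
    return findings, reported


def left_in_place(findings: List[Finding]) -> List[Finding]:
    """Findings that were skipped or have no action recorded at all."""
    return [f for f in findings if f.action in (None, "Skip")]


def count_mismatch(findings: List[Finding], reported: Optional[int]) -> bool:
    """True when the tool's own count disagrees with the parsed detections,
    which usually means the pasted log was truncated."""
    return reported is not None and reported != len(findings)


def report(text: str) -> List[str]:
    findings, reported = parse_log(text)
    lines = []
    if count_mismatch(findings, reported):
        lines.append(f"log reports {reported} objects, parsed {len(findings)}")
    for f in left_in_place(findings):
        where = "disk device" if f.on_raw_disk else "file"
        lines.append(f"{f.name} on {where} {f.obj}: still present "
                     f"(action: {f.action or 'none recorded'})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "no unresolved detections")
```
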

#11 ajohnson16


Posted 01 July 2011 - 11:24 AM

Gringo,

There is no option to Cure. There is just Skip, Copy to Quarantine and Restore.

The only file showing on TDSS is the Rootkit.Win32.BackBoot.gen.

#12 gringo_pr


Posted 01 July 2011 - 11:27 AM

Print out these instructions to use while in the Recovery Console:

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter'

fixmbr


#13 ajohnson16


Posted 01 July 2011 - 12:32 PM

Sorry if this is apparent, but how do you get to the recovery console? I see you've referenced it before but I can't see where to get into it.

#14 gringo_pr


Posted 02 July 2011 - 01:22 AM

Burn recovery console cd

  • Download recovery_console_cd.zip file to your drive and extract it to its own folder (c:\recoverycd for example).
  • Download floppy disk setup package xp Pro for your operating system (XP Pro) and save it to the folder you extracted the zip to.
  • Rename the floppy disk setup package to Bootdisk.exe.
  • Insert a blank cd into your burner.
  • Double-click the RecoveryCD.bat file and follow the prompts to burn a cd that will allow you to boot to the recovery console.

Boot into recovery console

  • insert the cd that we made into cd player
  • restart the computer
  • screen will say "Windows set up" just wait
  • at the welcome screen press "R"
  • type 1 to enter c:\windows
  • type in the following and press enter
  • fixmbr


#15 gringo_pr


Posted 05 July 2011 - 01:31 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo