
excellent search server.com


9 replies to this topic

#1 Megsbigbear


Posted 06 September 2011 - 05:52 PM

Hi,

I seem to have recently picked up a redirection virus - at least I hope that's what it is. Whenever I try to search for something I get redirected but in the bottom left of the screen it says 'waiting for excellentsearchserver.com' before I get redirected. I'm rather fed up about this having only just recently cleared the going on earth redirection virus, and I've tried to be really careful since then.

I'm running Windows 7 and Firefox.

Also whenever I try to do a virus scan using McAfee, it stops and says:

An error has occurred
An unexpected error occurred during your scan.
Please click ok to go back to your Home page, and then try running your scan again

But running it again gives the same results.

It's also doing this thing where when I open a program up comes a window that says that Windows Firewall had blocked it and do I want to allow it.

I've just tried running Mbam and it's immediately stopped running and when I've tried to open it again it says that the pathway is invalid and I don't have permission.

Please help me!!! Again!!

Thanks,

Mick



#2 Broni


Posted 06 September 2011 - 07:55 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 Megsbigbear


Posted 08 September 2011 - 12:02 PM

Hi. Thanks for responding to me. I had a bit of trouble getting on to my computer - a Lenovo G550 in case you needed to know - to do what you'd said. It wouldn't open windows and just kept giving me a blue screen that said "A process or thread crucial to system operation has unexpectedly exited or terminated. If problems continue disable or remove newly installed hardware or software. Disable BIOS memory options such as caching or shadowing". It then went on to talk about using safe mode. I tried using windows repair but it didn't work. Nor could I access windows in safe mode (same blue screen). In the end I managed to restore the computer to an earlier point. I'd thought I might have to strip it right back to factory settings (it's only 6 months since I did that so it wouldn't have been too bad, but I'd prefer not to have to).

Anyway, I've run everything you said and here are the logs:

Security Check:

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Internet Security
McAfee Virtual Technician
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


MiniToolBox:

MiniToolBox by Farbar
Ran by Mick (administrator) on 08-09-2011 at 15:30:40
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-26-82-3A-AC-2B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-26-82-3A-AC-2B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dded:5731:9430:6f9f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 September 2011 15:11:46
Lease Expires . . . . . . . . . . : 09 September 2011 15:11:46
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301999746
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-91-9D-AC-00-26-22-D8-67-E2
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-26-22-D8-67-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:3c25:36f4:a52d:99f6(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c25:36f4:a52d:99f6%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{398CF0EA-63C4-4D90-ADC4-8320337F2829}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8CBEA47C-5158-4224-BCF2-8A2EF1F13D5D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: myrouter.home
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.230.113
74.125.230.114
74.125.230.115
74.125.230.116
74.125.230.112


Pinging google.com [74.125.230.112] with 32 bytes of data:
Reply from 74.125.230.112: bytes=32 time=127ms TTL=57
Reply from 74.125.230.112: bytes=32 time=142ms TTL=57

Ping statistics for 74.125.230.112:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 142ms, Average = 134ms
Server: myrouter.home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Request timed out.
Reply from 98.137.149.56: bytes=32 time=510ms TTL=48

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 510ms, Maximum = 510ms, Average = 510ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 26 82 3a ac 2b ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 82 3a ac 2b ......Broadcom 802.11g Network Adapter
10...00 26 22 d8 67 e2 ......Broadcom NetLink ™ Fast Ethernet
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 281
192.168.0.4 255.255.255.255 On-link 192.168.0.4 281
192.168.0.255 255.255.255.255 On-link 192.168.0.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:5ef5:73b8:3c25:36f4:a52d:99f6/128
On-link
11 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::3c25:36f4:a52d:99f6/128
On-link
11 281 fe80::dded:5731:9430:6f9f/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2011 03:11:51 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Error: (09/08/2011 11:08:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/08/2011 11:07:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/08/2011 10:47:32 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/08/2011 09:59:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: mfevtps.exe, version: 14.4.0.385, time stamp: 0x4d6ed9fe
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0040da02
Faulting process id: 0x11c4
Faulting application start time: 0xmfevtps.exe0
Faulting application path: mfevtps.exe1
Faulting module path: mfevtps.exe2
Report Id: mfevtps.exe3

Error: (09/08/2011 09:57:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.4.0.80, time stamp: 0x4e262608
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043883e
Faulting process id: 0xe48
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3

Error: (09/08/2011 09:57:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: WLIDSVC.EXE, version: 6.500.3165.0, time stamp: 0x4a8af2c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x010838d0
Faulting process id: 0xcb8
Faulting application start time: 0xWLIDSVC.EXE0
Faulting application path: WLIDSVC.EXE1
Faulting module path: WLIDSVC.EXE2
Report Id: WLIDSVC.EXE3

Error: (09/08/2011 09:57:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: mfevtps.exe, version: 14.4.0.385, time stamp: 0x4d6ed9fe
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0040da02
Faulting process id: 0xbb4
Faulting application start time: 0xmfevtps.exe0
Faulting application path: mfevtps.exe1
Faulting module path: mfevtps.exe2
Report Id: mfevtps.exe3

Error: (09/08/2011 09:57:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.2, time stamp: 0x4e1c8f26
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043ba38
Faulting process id: 0xb34
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (09/08/2011 09:56:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.66.0.47, time stamp: 0x4d4d9ef9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00403d54
Faulting process id: 0xa04
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3


System errors:
=============
Error: (09/08/2011 03:11:56 PM) (Source: Service Control Manager) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2011 03:11:53 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2011 03:11:44 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x00000003, 0x8883f590, 0x8883f6fc, 0x83260d60)C:\windows\MEMORY.DMP090811-21855-01

Error: (09/08/2011 02:50:21 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: SYSTEM)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread

Error: (09/08/2011 02:50:17 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x00000003, 0x88819d40, 0x88819eac, 0x83252d60)C:\windows\MEMORY.DMP090811-38079-01

Error: (09/08/2011 02:34:53 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: SYSTEM)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread

Error: (09/08/2011 02:34:47 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x00000003, 0x8882fac0, 0x8882fc2c, 0x83232d60)C:\windows\MEMORY.DMP090811-38157-01

Error: (09/08/2011 02:28:45 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: SYSTEM)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread

Error: (09/08/2011 02:28:41 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x00000003, 0x888c9910, 0x888c9a7c, 0x83261d60)C:\windows\MEMORY.DMP090811-38579-01

Error: (09/08/2011 02:28:37 PM) (Source: DCOM) (User: )
Description: 1726winmgmt{8BC3F05E-D86B-11D0-A075-00C04FB68820}


Microsoft Office Sessions:
=========================
Error: (09/08/2011 03:11:51 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: 3

Error: (09/08/2011 11:08:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\silicon motion\lenovo easycamera\driverpackage\DPInst64.exe

Error: (09/08/2011 11:07:45 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe

Error: (09/08/2011 10:47:32 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/08/2011 09:59:32 AM) (Source: Application Error)(User: )
Description: mfevtps.exe14.4.0.3854d6ed9feunknown0.0.0.000000000c00000050040da0211c401cc6e05a013530fC:\windows\system32\mfevtps.exeunknownddc70210-d9f8-11e0-86ed-002622d867e2

Error: (09/08/2011 09:57:47 AM) (Source: Application Error)(User: )
Description: iPodService.exe10.4.0.804e262608unknown0.0.0.000000000c00000050043883ee4801cc6e05588efe9cC:\Program Files\iPod\bin\iPodService.exeunknown9f35767d-d9f8-11e0-86ed-002622d867e2

Error: (09/08/2011 09:57:31 AM) (Source: Application Error)(User: )
Description: WLIDSVC.EXE6.500.3165.04a8af2c4unknown0.0.0.000000000c0000005010838d0cb801cc6e054ed2bdddC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEunknown957858a6-d9f8-11e0-86ed-002622d867e2

Error: (09/08/2011 09:57:15 AM) (Source: Application Error)(User: )
Description: mfevtps.exe14.4.0.3854d6ed9feunknown0.0.0.000000000c00000050040da02bb401cc6e0545a7b10fC:\windows\system32\mfevtps.exeunknown8c488917-d9f8-11e0-86ed-002622d867e2

Error: (09/08/2011 09:57:00 AM) (Source: Application Error)(User: )
Description: mDNSResponder.exe3.0.0.24e1c8f26unknown0.0.0.000000000c00000050043ba38b3401cc6e053c64d67eC:\Program Files\Bonjour\mDNSResponder.exeunknown830cd2a7-d9f8-11e0-86ed-002622d867e2

Error: (09/08/2011 09:56:39 AM) (Source: Application Error)(User: )
Description: AppleMobileDeviceService.exe17.66.0.474d4d9ef9unknown0.0.0.000000000c000000500403d54a0401cc6e052fd26afbC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeunknown767108b3-d9f8-11e0-86ed-002622d867e2


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
AviSynth 2.5
Bonjour (Version: 3.0.0.2)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.01)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HD Audio (Version: 4.98.4.0)
Cucusoft Ultimate DVD + Video Converter Suite 8.8.8.8
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 6.2.0.5 (11/11/2009)
EasyCapture (Version: V4.0.09.0731)
Energy Management (Version: 4.3.1.1)
Fable - The Lost Chapters (Version: 1.0.0000.1)
Google Earth (Version: 5.0.11733.9347)
Hitman 2 Silent Assassin (Version: 1.0.0000.1)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Lenovo EasyCamera
Lenovo EasyCamera (Version: 5.8.0.11)
Lenovo OneKey Recovery (Version: 7.0.0723)
McAfee Internet Security (Version: 10.5.240)
McAfee Virtual Technician (Version: 6.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Mixxx 1.9.0 (Version: 1.9.0)
Mozilla Firefox 5.0 (x86 en-GB) (Version: 5.0)
Nero 7 Ultra Edition (Version: 7.02.4741)
Pinnacle Game Profiler (Version: 6.0.0)
QuickTime (Version: 7.70.80.34)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Reason 5.0 (Version: 5.0)
ReCycle 2.1 (Version: 2.1)
Samsung Kies (Version: 2.0.1.11053_99)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2410.0)
Star Wars JK II Jedi Outcast
Videora iPod Converter 6 (Version: 6)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinZip (Version: 11.0 (7313))
YouTube Downloader 3.0

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3032.6 MB
Available physical RAM: 1991.2 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 4961.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.27 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:187.69 GB) (Free:86.52 GB) NTFS
2 Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:26.05 GB) NTFS

========================= Users: ========================================

User accounts for \\MICK-PC

Administrator Guest Mick


**** End of log ****


MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7677

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

08/09/2011 16:10:50
mbam-log-2011-09-08 (16-10-50).txt

Scan type: Quick scan
Objects scanned: 163873
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-08 17:42:18
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084
Running: ndn6txoi.exe; Driver: C:\Users\Mick\AppData\Local\Temp\kxldypoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B86F268]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B86F292]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B86F27E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B86F254]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8306D5C5 5 Bytes JMP 8B86F258 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13D1 8307F349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!NtMapViewOfSection 8328843A 7 Bytes JMP 8B86F26C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8329CA65 5 Bytes JMP 8B86F296 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 832A66E2 5 Bytes JMP 8B86F282 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\sppg.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9237EDB9 5 Bytes JMP 875344E0
.text a4cy5s2s.SYS 93F4C000 2 Bytes [44, F8] {INC ESP; CLC }
.text a4cy5s2s.SYS 93F4C003 9 Bytes [83, EE, F6, 00, 83, A0, D7, ...] {SUB ESI, -0xa; ADD [EBX-0x7cff2860], AL}
.text a4cy5s2s.SYS 93F4C00D 9 Bytes [D7, 00, 83, 48, FB, 00, 83, ...] {XLATB ; ADD [EBX-0x7cff04b8], AL; ADD [EAX], AL}
.text a4cy5s2s.SYS 93F4C017 20 Bytes [00, DE, C7, 58, 8B, E6, C5, ...]
.text a4cy5s2s.SYS 93F4C02C 149 Bytes [00, 00, 00, 00, C0, A1, 07, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7596CC94 5 Bytes JMP 00300104
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7596DC65 5 Bytes JMP 00300FB9
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7596E2DD 5 Bytes JMP 00300098
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!CreateFileW 7596E8A5 5 Bytes JMP 00300FEF
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7596EA61 5 Bytes JMP 0030000A
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7596EF42 5 Bytes JMP 00300040
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!CreatePipe 759812A6 5 Bytes JMP 00300F5E
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 759ADBA8 5 Bytes JMP 00300FDE
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!WinExec 759AEDB2 5 Bytes JMP 003000B3
.text C:\windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 759AFD51 5 Bytes JMP 00300F6F
.text C:\windows\system32\svchost.exe[1524] msvcrt.dll!_open 75FB7E48 5 Bytes JMP 00310FEF
.text C:\windows\system32\svchost.exe[1524] msvcrt.dll!_wsystem 75FEB04F 5 Bytes JMP 00310F9E
.text C:\windows\system32\svchost.exe[1524] msvcrt.dll!system 75FEB16F 5 Bytes JMP 00310FC3
.text C:\windows\system32\svchost.exe[1524] msvcrt.dll!_creat 75FEED29 5 Bytes JMP 00310029
.text C:\windows\system32\svchost.exe[1524] msvcrt.dll!_wcreat 75FF038E 5 Bytes JMP 00310FD4
.text C:\windows\system32\svchost.exe[1524] msvcrt.dll!_wopen 75FF0570 5 Bytes JMP 0031000C
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 76D0CC15 5 Bytes JMP 003A0FEF
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 76D0CD01 5 Bytes JMP 003A001E
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 76D11469 5 Bytes JMP 003A0F7C
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 76D11514 5 Bytes JMP 003A0F97
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 76D12459 5 Bytes JMP 003A0FDE
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 76D140FE 5 Bytes JMP 003A0039
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 76D1468D 5 Bytes JMP 003A0FBC
.text C:\windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 76D14907 5 Bytes JMP 003A0FCD
.text C:\windows\Explorer.EXE[1796] ntdll.dll!NtCreateFile 771F55C8 5 Bytes JMP 022A000A
.text C:\windows\Explorer.EXE[1796] ntdll.dll!NtCreateProcess 771F5698 5 Bytes JMP 022A0FEF
.text C:\windows\Explorer.EXE[1796] ntdll.dll!NtProtectVirtualMemory 771F5F18 5 Bytes JMP 022A0025
.text C:\windows\Explorer.EXE[1796] kernel32.dll!GetStartupInfoA 75921E10 5 Bytes JMP 022D0076
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreateProcessW 7592204D 5 Bytes JMP 022D0F0D
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreateProcessA 75922082 5 Bytes JMP 022D00A2
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreateNamedPipeW 75952D47 5 Bytes JMP 022D0FAF
.text C:\windows\Explorer.EXE[1796] kernel32.dll!VirtualProtect 75962BCD 5 Bytes JMP 022D0F5E
.text C:\windows\Explorer.EXE[1796] kernel32.dll!LoadLibraryExA 75964466 5 Bytes JMP 022D0F94
.text C:\windows\Explorer.EXE[1796] kernel32.dll!LoadLibraryExW 75965079 5 Bytes JMP 022D0F79
.text C:\windows\Explorer.EXE[1796] kernel32.dll!GetProcAddress 7596CC94 5 Bytes JMP 022D00B3
.text C:\windows\Explorer.EXE[1796] kernel32.dll!LoadLibraryA 7596DC65 5 Bytes JMP 022D001B
.text C:\windows\Explorer.EXE[1796] kernel32.dll!GetStartupInfoW 7596E2DD 5 Bytes JMP 022D0087
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreateFileW 7596E8A5 5 Bytes JMP 022D0FCA
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreateFileA 7596EA61 5 Bytes JMP 022D0FEF
.text C:\windows\Explorer.EXE[1796] kernel32.dll!LoadLibraryW 7596EF42 5 Bytes JMP 022D0036
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreatePipe 759812A6 5 Bytes JMP 022D0F4D
.text C:\windows\Explorer.EXE[1796] kernel32.dll!CreateNamedPipeA 759ADBA8 5 Bytes JMP 022D0000
.text C:\windows\Explorer.EXE[1796] kernel32.dll!WinExec 759AEDB2 5 Bytes JMP 022D0F28
.text C:\windows\Explorer.EXE[1796] kernel32.dll!VirtualProtectEx 759AFD51 5 Bytes JMP 022D0051
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegOpenKeyA 76D0CC15 5 Bytes JMP 0468000A
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegCreateKeyA 76D0CD01 5 Bytes JMP 04680FAF
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegCreateKeyExA 76D11469 5 Bytes JMP 04680F8D
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegCreateKeyW 76D11514 5 Bytes JMP 04680F9E
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegOpenKeyW 76D12459 5 Bytes JMP 04680FE5
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegCreateKeyExW 76D140FE 5 Bytes JMP 04680F72
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegOpenKeyExW 76D1468D 5 Bytes JMP 0468001B
.text C:\windows\Explorer.EXE[1796] ADVAPI32.dll!RegOpenKeyExA 76D14907 5 Bytes JMP 04680FCA
.text C:\windows\Explorer.EXE[1796] msvcrt.dll!_open 75FB7E48 5 Bytes JMP 0463000C
.text C:\windows\Explorer.EXE[1796] msvcrt.dll!_wsystem 75FEB04F 5 Bytes JMP 04630070
.text C:\windows\Explorer.EXE[1796] msvcrt.dll!system 75FEB16F 5 Bytes JMP 0463005F
.text C:\windows\Explorer.EXE[1796] msvcrt.dll!_creat 75FEED29 5 Bytes JMP 04630FEF
.text C:\windows\Explorer.EXE[1796] msvcrt.dll!_wcreat 75FF038E 5 Bytes JMP 0463004E
.text C:\windows\Explorer.EXE[1796] msvcrt.dll!_wopen 75FF0570 5 Bytes JMP 04630029
.text C:\windows\Explorer.EXE[1796] WININET.dll!InternetOpenA 76DC4E33 5 Bytes JMP 04690000
.text C:\windows\Explorer.EXE[1796] WININET.dll!InternetOpenUrlA 76DCBFCE 5 Bytes JMP 04690FEF
.text C:\windows\Explorer.EXE[1796] WININET.dll!InternetOpenW 76DFC02E 5 Bytes JMP 0469001B
.text C:\windows\Explorer.EXE[1796] WININET.dll!InternetOpenUrlW 76E2D70A 5 Bytes JMP 04690FDE
.text C:\windows\Explorer.EXE[1796] WS2_32.dll!socket 75D93EB8 5 Bytes JMP 04620000
.text C:\windows\system32\svchost.exe[1932] ntdll.dll!NtCreateFile 771F55C8 5 Bytes JMP 003C0000
.text C:\windows\system32\svchost.exe[1932] ntdll.dll!NtCreateProcess 771F5698 5 Bytes JMP 003C0FE5
.text C:\windows\system32\svchost.exe[1932] ntdll.dll!NtProtectVirtualMemory 771F5F18 5 Bytes JMP 003C001B
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 75921E10 5 Bytes JMP 003D006C
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessW 7592204D 5 Bytes JMP 003D00A9
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreateProcessA 75922082 5 Bytes JMP 003D0F14
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 75952D47 5 Bytes JMP 003D0036
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtect 75962BCD 5 Bytes JMP 003D0F6F
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 75964466 5 Bytes JMP 003D0051
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 75965079 5 Bytes JMP 003D0F94
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!GetProcAddress 7596CC94 5 Bytes JMP 003D00BA
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryA 7596DC65 5 Bytes JMP 003D0FCA
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 7596E2DD 5 Bytes JMP 003D007D
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreateFileW 7596E8A5 5 Bytes JMP 003D0000
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreateFileA 7596EA61 5 Bytes JMP 003D0FE5
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7596EF42 5 Bytes JMP 003D0FAF
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreatePipe 759812A6 5 Bytes JMP 003D0F43
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 759ADBA8 5 Bytes JMP 003D001B
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!WinExec 759AEDB2 5 Bytes JMP 003D0098
.text C:\windows\system32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 759AFD51 5 Bytes JMP 003D0F5E
.text C:\windows\system32\svchost.exe[1932] msvcrt.dll!_open 75FB7E48 5 Bytes JMP 003F0000
.text C:\windows\system32\svchost.exe[1932] msvcrt.dll!_wsystem 75FEB04F 5 Bytes JMP 003F005B
.text C:\windows\system32\svchost.exe[1932] msvcrt.dll!system 75FEB16F 5 Bytes JMP 003F0036
.text C:\windows\system32\svchost.exe[1932] msvcrt.dll!_creat 75FEED29 5 Bytes JMP 003F0FC6
.text C:\windows\system32\svchost.exe[1932] msvcrt.dll!_wcreat 75FF038E 5 Bytes JMP 003F0025
.text C:\windows\system32\svchost.exe[1932] msvcrt.dll!_wopen 75FF0570 5 Bytes JMP 003F0FE3
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 76D0CC15 5 Bytes JMP 00490FE5
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 76D0CD01 5 Bytes JMP 00490025
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 76D11469 5 Bytes JMP 00490F83
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 76D11514 5 Bytes JMP 00490F9E
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 76D12459 5 Bytes JMP 0049000A
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 76D140FE 5 Bytes JMP 00490F72
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 76D1468D 5 Bytes JMP 00490FB9
.text C:\windows\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 76D14907 5 Bytes JMP 00490FCA
.text C:\windows\system32\svchost.exe[1932] WS2_32.dll!socket 75D93EB8 5 Bytes JMP 003E0000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2528] kernel32.dll!LoadLibraryA 7596DC65 5 Bytes JMP 6DE499A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2528] kernel32.dll!LoadLibraryW 7596EF42 5 Bytes JMP 6DE49A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3592] ntdll.dll!DbgBreakPoint 771E40F0 3 Bytes [8B, 40, 30] {MOV EAX, [EAX+0x30]}
.text C:\windows\system32\svchost.exe[3820] ntdll.dll!NtCreateFile 771F55C8 5 Bytes JMP 00040FEF
.text C:\windows\system32\svchost.exe[3820] ntdll.dll!NtCreateProcess 771F5698 5 Bytes JMP 00040FD4
.text C:\windows\system32\svchost.exe[3820] ntdll.dll!NtProtectVirtualMemory 771F5F18 5 Bytes JMP 0004000A
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!GetStartupInfoA 75921E10 5 Bytes JMP 00010F8D
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreateProcessW 7592204D 5 Bytes JMP 000100FD
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreateProcessA 75922082 5 Bytes JMP 00010F68
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreateNamedPipeW 75952D47 5 Bytes JMP 00010028
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!VirtualProtect 75962BCD 5 Bytes JMP 0001008A
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExA 75964466 5 Bytes JMP 00010065
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExW 75965079 5 Bytes JMP 00010FB2
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!GetProcAddress 7596CC94 5 Bytes JMP 00010F43
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!LoadLibraryA 7596DC65 5 Bytes JMP 00010039
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!GetStartupInfoW 7596E2DD 5 Bytes JMP 000100D1
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreateFileW 7596E8A5 5 Bytes JMP 00010FDE
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreateFileA 7596EA61 5 Bytes JMP 00010FEF
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!LoadLibraryW 7596EF42 5 Bytes JMP 00010054
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreatePipe 759812A6 5 Bytes JMP 000100B6
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!CreateNamedPipeA 759ADBA8 5 Bytes JMP 00010FCD
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!WinExec 759AEDB2 5 Bytes JMP 000100E2
.text C:\windows\system32\svchost.exe[3820] kernel32.dll!VirtualProtectEx 759AFD51 5 Bytes JMP 0001009B
.text C:\windows\system32\svchost.exe[3820] msvcrt.dll!_open 75FB7E48 5 Bytes JMP 000E0FEF
.text C:\windows\system32\svchost.exe[3820] msvcrt.dll!_wsystem 75FEB04F 5 Bytes JMP 000E0FA8
.text C:\windows\system32\svchost.exe[3820] msvcrt.dll!system 75FEB16F 5 Bytes JMP 000E0033
.text C:\windows\system32\svchost.exe[3820] msvcrt.dll!_creat 75FEED29 5 Bytes JMP 000E0018
.text C:\windows\system32\svchost.exe[3820] msvcrt.dll!_wcreat 75FF038E 5 Bytes JMP 000E0FC3
.text C:\windows\system32\svchost.exe[3820] msvcrt.dll!_wopen 75FF0570 5 Bytes JMP 000E0FDE
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyA 76D0CC15 5 Bytes JMP 00140000
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyA 76D0CD01 5 Bytes JMP 00140FCA
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyExA 76D11469 5 Bytes JMP 00140051
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyW 76D11514 5 Bytes JMP 00140FAF
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyW 76D12459 5 Bytes JMP 00140011
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyExW 76D140FE 5 Bytes JMP 00140F94
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyExW 76D1468D 5 Bytes JMP 00140036
.text C:\windows\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyExA 76D14907 5 Bytes JMP 00140FDB
.text C:\windows\system32\svchost.exe[3820] WS2_32.dll!socket 75D93EB8 5 Bytes JMP 001D0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\system32\mfevtps.exe[376] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00CAA510] C:\windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\windows\system32\rundll32.exe[1308] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[1308] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[1308] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[1308] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 866111F8
Device \Driver\volmgr \Device\VolMgrControl 8660D1F8
Device \Driver\usbuhci \Device\USBPDO-0 875421F8
Device \Driver\usbuhci \Device\USBPDO-1 875421F8
Device \Driver\usbuhci \Device\USBPDO-2 875421F8
Device \Driver\usbehci \Device\USBPDO-3 87536500
Device \Driver\usbuhci \Device\USBPDO-4 875421F8

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 875421F8
Device \Driver\usbuhci \Device\USBPDO-6 875421F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8CBEA47C-5158-4224-BCF2-8A2EF1F13D5D} 873C71F8
Device \Driver\volmgr \Device\HarddiskVolume1 8660D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8660D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 873FE500
Device \Driver\iaStor \Device\Ide\iaStor0 [8B6CF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B6CF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B6CF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 8660D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{25B43C0C-FB6C-4A21-9049-F248B68EF84B} 873C71F8
Device \Driver\cdrom \Device\CdRom1 873FE500
Device \Driver\volmgr \Device\HarddiskVolume4 8660D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 873C71F8
Device \Driver\sptd \Device\1247213166 sppg.sys

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\PCI_PNP3163 \Device\0000005e sppg.sys
Device \Driver\usbuhci \Device\USBFDO-0 875421F8
Device \Driver\usbuhci \Device\USBFDO-1 875421F8
Device \Driver\usbuhci \Device\USBFDO-2 875421F8
Device \Driver\usbehci \Device\USBFDO-3 87536500
Device \Driver\usbuhci \Device\USBFDO-4 875421F8
Device \Driver\usbuhci \Device\USBFDO-5 875421F8
Device \Driver\usbuhci \Device\USBFDO-6 875421F8
Device \Driver\usbehci \Device\USBFDO-7 87536500
Device \Driver\NetBT \Device\NetBT_Tcpip_{398CF0EA-63C4-4D90-ADC4-8320337F2829} 873C71F8
Device \Driver\a4cy5s2s \Device\Scsi\a4cy5s2s1Port1Path0Target0Lun0 875C41F8
Device \Driver\a4cy5s2s \Device\Scsi\a4cy5s2s1 875C41F8
Device \FileSystem\cdfs \Cdfs 874111F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x05 0x25 0x2E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0xCD 0xB8 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0xBF 0xDE 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x6A 0x09 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x05 0x25 0x2E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0xCD 0xB8 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0xBF 0xDE 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x6A 0x09 0xF0 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB59958$\1810398753 0 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\click.tlb 2144 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\L 0 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\L\xadqgnnk 54800 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\loader.tlb 2540 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U 0 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@00000001 48064 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@000000c0 2560 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@000000cb 2048 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@80000000 28672 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@800000c0 33280 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@800000cb 27648 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\U\@800000cf 27648 bytes
File C:\Windows\$NtUninstallKB59958$\1810398753\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
File C:\Windows\$NtUninstallKB59958$\28175455 0 bytes

---- EOF - GMER 1.0.15 ----



The first time I tried to run GMER it failed and I got another blue screen. I restarted the computer, which I thought might have problems booting again but it was ok. Second time, GMER ran fine. I'm not going to turn off the computer again until you've had a chance to look at these logs and advise me whether it might have problems again or whether you think it will be ok. I'm going to turn off my internet connection though to try to prevent anything getting in through the back door.

It might be worth noting that I also can't access Firefox, which I normally use, so I'm using Internet Explorer. I don't know if you might need to know that.

Thanks,

Mick

Edited by Megsbigbear, 08 September 2011 - 12:14 PM.


#4 Broni


Posted 08 September 2011 - 08:14 PM

I suggest you reinstall Firefox and see if it'll work.

Is the redirection still happening?

If so, which browser is affected?



 


#5 Megsbigbear


Posted 09 September 2011 - 10:36 AM

Hi again Broni.

By the way, Happy Birthday for last week!! I noticed it on your profile.

So I uninstalled Firefox, downloaded and installed it again and I'm not, so far anyway, getting redirected by either Firefox or Internet Explorer. Could this just be because I've restored it to an earlier point - i.e. before the infection? I ask this as I didn't notice anything get deleted when I ran the scans. MBAM came up blank as did everything else that I could see (though my knowledge of computing is fairly limited).

I would ask if this means that my computer is no longer infected, except that what concerns me is when I installed Firefox it got all the way to the automatic launch at the end, and as soon as it got to this point it suddenly went to a blue screen again and automatically restarted the computer. This time however, it booted up no problem. Is there anything we can do to further look into this to check that the computer is clean? Or am I jumping the gun and you were going to suggest stuff anyway? Do you think it should boot every time? For the time being I'll still leave it on. Just in case (especially having had another blue screen error!).

Thanks again for this. It's really appreciated. I might be naive but I just fail to see what satisfaction people could get from trying to ruin other people's computers. I can understand what people such as yourself get from helping other people sort out their computers, but not from ruining them!

Mick

#6 Broni


Posted 09 September 2011 - 07:52 PM

Good news :)

Thank you for birthday wishes :)

Let's run a couple more tools...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.



 


#7 Megsbigbear


Posted 10 September 2011 - 03:40 PM

Well now I'm even more confused because there's nothing to post from the ESET scan! It's come up as having found no threats!!

I don't understand.

I disabled my anti-virus software as you said. Should I have disabled my firewall as well? Will that have made a difference?

I don't see how it can be the case that there were no threats when, as far as I'm aware, nothing has been removed from my computer - other than restoring it to an earlier point.

What would you advise me to do next?

Thanks,

Mick

#8 Broni


Posted 10 September 2011 - 03:42 PM

ESET won't produce any log if nothing is found.
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

=============================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.



 


#9 Megsbigbear


Posted 11 September 2011 - 06:12 PM

That's wonderful! Thank you very much!! Thanks for all the time you've put in. It is very very much appreciated.
Take care,
Mick

#10 Broni


Posted 11 September 2011 - 06:18 PM

You're very welcome
