Erratic behaviour of laptop


  • This topic is locked
8 replies to this topic

#1 blueandy

blueandy

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:China
  • Local time:04:16 AM

Posted 17 October 2011 - 05:07 AM

Hi there,

Am running Windows XP Home Service Pack 3

On switch-on I receive the following RUNDLL Error message: "Error loading C:\WINDOWS\mpignpil.dll The specified module could not be found."

I cannot launch my security centre (McAfee AntiVirus Plus.)

I get sudden, unexpected shutdowns of my system.

I imagine a (multiple?) virus has knocked-out various protections, as also I cannot launch Windows Update.

Help appreciated. Thanks.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:16 PM

Posted 17 October 2011 - 04:59 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 blueandy


Posted 18 October 2011 - 09:19 AM

Hi Broni,

Thanks for your help. I've done 2 of the 3 things you listed, but the MalwareBytes download doesn't seem to work for me. Is there a problem with this?

Thanks.

#4 Broni


Posted 18 October 2011 - 10:40 AM

"MalwareBytes download doesn't seem to work for me"

What happens?

Post other three logs.



#5 blueandy


Posted 19 October 2011 - 08:44 AM

Hi Broni,

Just managed to get MBAM downloaded. Here are two of the files, as I'm being forced to shorten this post:


Check up txt:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

McAfee AntiVirus Plus
McAfee Virtual Technician
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Result txt:

MiniToolBox by Farbar
Ran by Phoebe (administrator) on 18-10-2011 at 11:26:29
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : DDW236K1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-25-56-A0-16-8B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.6

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : 18 October 2011 11:20:09

Lease Expires . . . . . . . . . . : 19 October 2011 11:20:09
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : TAP-Win32 Adapter V9

Physical Address. . . . . . . . . : 00-FF-DA-1C-80-32

Server: 192.168.1.1
Address: 192.168.1.1

Ping request could not find host google.com. Please check the name and try again.

Server: 192.168.1.1
Address: 192.168.1.1

Ping request could not find host yahoo.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 56 a0 16 8b ...... Dell Wireless 1397 WLAN Mini-Card - Packet Scheduler Miniport
0x3 ...00 ff da 1c 80 32 ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.6 192.168.1.6 20
192.168.1.0 255.255.255.0 192.168.1.6 192.168.1.6 25
192.168.1.6 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.6 192.168.1.6 25
224.0.0.0 240.0.0.0 192.168.1.6 192.168.1.6 25
255.255.255.255 255.255.255.255 192.168.1.6 192.168.1.6 1
255.255.255.255 255.255.255.255 192.168.1.6 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/18/2011 10:30:18 AM) (Source: Application Error) (User: )
Description: Faulting application msmsgs.exe, version 4.7.0.3001, faulting module msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.
Processing media-specific event for [msmsgs.exe!ws!]

Error: (10/18/2011 10:29:34 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:34 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:34 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/18/2011 10:29:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (10/18/2011 11:24:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (10/18/2011 11:24:34 AM) (Source: DCOM) (User: Phoebe)
Description: DCOM got error "%%1068" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/18/2011 11:21:58 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout.

Error: (10/18/2011 11:20:04 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register with DCOM within the required timeout.

Error: (10/18/2011 11:19:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (10/18/2011 11:19:34 AM) (Source: DCOM) (User: Phoebe)
Description: DCOM got error "%%1068" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/18/2011 11:19:30 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (10/18/2011 11:19:30 AM) (Source: DCOM) (User: Phoebe)
Description: DCOM got error "%%1068" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/18/2011 11:19:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (10/18/2011 11:19:26 AM) (Source: DCOM) (User: Phoebe)
Description: DCOM got error "%%1068" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (03/20/2010 01:51:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2325 seconds with 1860 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Amazon MP3 Downloader 1.0.8
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Battery Meter (Version: 0.0.0.10C)
Bonjour (Version: 2.0.5.0)
CapsLKNotify (Version: 0.1.0.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Dell Support Center (Version: 3.0.5744.02)
Dell Touchpad (Version: 12.2.8.0)
Dell Video Chat (Version: 6.1 (6751))
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
EMSC (Version: 0.0.0.20C)
Function Keys (Version: 0.1.0.6)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
Integrated Webcam Driver (1.02.02.0403) (Version: 1.02.02.0403)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 14.0.8117.416)
Kiwee Chatbar (Version: 3.2)
Kiwee Toolbar for Internet Explorer (Version: 3.2)
McAfee AntiVirus Plus (Version: 11.0.572)
McAfee Virtual Technician (Version: 6.0.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 7.0.1 (x86 en-GB) (Version: 7.0.1)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
OpenVPN 2.2.0-gui-1.0.3 (Version: 2.2.0-gui-1.0.3)
PowerDVD
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver
Segoe UI (Version: 14.0.4327.805)
SUPERAntiSpyware (Version: 4.50.1002)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
WSED (Version: 0.1.0.15)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 1014.36 MB
Available physical RAM: 423.2 MB
Total Pagefile: 2442 MB
Available Pagefile: 1780.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.2 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:148.94 GB) (Free:123.58 GB) NTFS
2 Drive d: (KINGSTON) (Removable) (Total:14.63 GB) (Free:3.44 GB) FAT32

========================= Users: ========================================

User accounts for \\DDW236K1

Administrator Guest HelpAssistant
Phoebe SUPPORT_388945a0


**** End of log ****

Part 2 coming up...

Thanks again.

#6 blueandy


Posted 19 October 2011 - 08:45 AM

Hi Broni,

Part 2...

MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/10/2011 14:23:23
mbam-log-2011-10-19 (14-23-23).txt

Scan type: Quick scan
Objects scanned: 191462
Time elapsed: 22 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CdtYcssl (Trojan.Agent.H) -> Value: CdtYcssl -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Phoebe\Local Settings\Application Data\kyj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\phoebe\local settings\application data\tvqkqmwr\cdtycssl.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\documents and settings\phoebe\start menu\programs\startup\cdtycssl.exe (Trojan.Agent.H) -> Delete on reboot.
c:\documents and settings\Phoebe\local settings\Temp\tlrteuuuoogfgice.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\documents and settings\Phoebe\local settings\temporary internet files\Content.IE5\72KQTZ15\contacts[1].exe (Trojan.Agent.H) -> Quarantined and deleted successfully.


Part 3 to follow....

#7 blueandy

Posted 19 October 2011 - 08:52 AM

Part 4:

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-18 13:13:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-75ZCT2 rev.11.01A11
Running: 9i9voxbv.exe; Driver: C:\DOCUME~1\Phoebe\LOCALS~1\Temp\fwlyapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\DOCUME~1\Phoebe\LOCALS~1\Temp\jrugcplb.sys ZwCreateKey [0xF783F6AC]
SSDT \??\C:\DOCUME~1\Phoebe\LOCALS~1\Temp\jrugcplb.sys ZwOpenKey [0xF783F562]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA05F620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7325D70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7325D84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7325DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7325E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7325D5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7325D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7325D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7325D9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7325DDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7325DC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7325E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7325E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7325DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP F7325DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP F7325E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP F7325E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP F7325DE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP F7325D38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP F7325D4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP F7325E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 3 Bytes JMP F7325DCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey + 4 80622666 3 Bytes [76, 90, 90] {JBE 0xffffffffffffff92; NOP }
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP F7325D9E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP F7325D74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP F7325D88 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP F7325DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP F7325D60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\Drivers\OA012Afx.sys entry point in "init" section [0xAA270D60]
? C:\DOCUME~1\Phoebe\LOCALS~1\Temp\jrugcplb.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[184] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 023C000A
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 023C0036
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 023C001B
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 058D0FE5
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 058D0062
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 058D0F6D
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 058D0051
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 058D0F94
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 058D0FAF
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 058D0F2B
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 058D0F48
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 058D0EFF
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 058D008E
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 058D00A9
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 058D002C
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 058D0000
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 058D0073
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 058D001B
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 058D0FCA
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 058D0F10
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 058C0FD4
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 058C0FB2
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 058C0025
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 058C0014
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 058C0FC3
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 058C0FEF
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 058C0065
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 058C0040
.text C:\WINDOWS\System32\svchost.exe[184] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 058B0F97
.text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!system 77C293C7 5 Bytes JMP 058B0FA8
.text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 058B0022
.text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_open 77C2F566 5 Bytes JMP 058B0000
.text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 058B0FCD
.text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 058B0011
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A3
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14CD
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17E6
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03200FE5
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A1155
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A162A
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A145E
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1542
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1705
.text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B3
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200A2860
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200A1EBB
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200A2541
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200A291B
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200A1E5C
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200A2948
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 031F0FE5
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 031F0FCA
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 200A1E27
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 031F0000
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 200A2745
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 200A269E
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 200A1E8E
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 031F0FAF
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 200A1DE1
.text C:\WINDOWS\System32\svchost.exe[184] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 200A1D9B
? C:\WINDOWS\system32\svchost.exe[248] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD0FDE
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10064
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10F6F
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10049
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10F8A
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D1002C
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D1009C
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D1007F
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D100DC
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F43
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D100ED
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10FA5
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10F54
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10FC0
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D100C1
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D00036
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D0007D
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D0001B
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D00062
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D00047
.text C:\WINDOWS\system32\svchost.exe[248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D00FCA
.text C:\WINDOWS\system32\svchost.exe[248] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\svchost.exe[248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0F70
.text C:\WINDOWS\system32\svchost.exe[248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0F81
.text C:\WINDOWS\system32\svchost.exe[248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0FB7
.text C:\WINDOWS\system32\svchost.exe[248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0F9C
.text C:\WINDOWS\system32\svchost.exe[248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF0FD2
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A3
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14CD
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17E6
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A1155
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A162A
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A145E
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1542
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1705
.text C:\WINDOWS\system32\svchost.exe[248] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B3
? C:\WINDOWS\system32\svchost.exe[384] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A10FD4
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F4B
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0040
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA002F
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F7C
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FA8
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F1D
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0065
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0EE7
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0080
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA009B
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0F97
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F3A
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F0C
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A40051
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A40014
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A40FDE
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A40040
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A40FA8
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C4, 88]
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\system32\svchost.exe[384] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A30055
.text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A30029
.text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A3000C
.text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A3003A
.text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A3
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14CD
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17E6
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A2000A
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A1155
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A162A
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A145E
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1542
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1705
.text C:\WINDOWS\system32\svchost.exe[384] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B3
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A3
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214CD
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217E6
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20021155
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2002162A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2002145E
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021542
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021705
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B3
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\System32\WLTRYSVC.EXE[716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\System32\WLTRYSVC.EXE[716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\System32\WLTRYSVC.EXE[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\System32\WLTRYSVC.EXE[716] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\System32\bcmwltry.exe[732] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\System32\bcmwltry.exe[732] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\System32\bcmwltry.exe[732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\System32\bcmwltry.exe[732] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A3
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14CD
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17E6
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A1155
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A162A
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A145E
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1542
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1705
.text C:\WINDOWS\System32\bcmwltry.exe[732] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B3
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200A2860
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200A1EBB
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200A2541
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200A291B
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200A1E5C
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200A2948
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 200A1E27
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 200A2975
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 200A2745
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 200A269E
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 200A1E8E
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 200A299C
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 200A1DE1
.text C:\WINDOWS\System32\bcmwltry.exe[732] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 200A1D9B
.text C:\WINDOWS\system32\brsvc01a.exe[760] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\brsvc01a.exe[760] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\brsvc01a.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\brsvc01a.exe[760] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\spoolsv.exe[772] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\brss01a.exe[776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\brss01a.exe[776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\brss01a.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\brss01a.exe[776] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
? C:\WINDOWS\system32\svchost.exe[868] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F80
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60F9B
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60FB6
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60073
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60051
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F600B7
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60F65
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600D9
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F600C8
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F25
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60062
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60014
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60090
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60040
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60025
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F60F54
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50036
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50065
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50025
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F9E
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F50FAF
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [15, 89]
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10FDB
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C1003A
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C1004B
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C1001D
.text C:\WINDOWS\system32\svchost.exe[868] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200A2860
.text C:\WINDOWS\system32\svchost.exe[868] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200A1EBB
.text C:\WINDOWS\system32\svchost.exe[868] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 200A2541

Part 5:
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1006C
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F55
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F72
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100D3
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E10F3A
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E100E4
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10040
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10F83
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10FB9
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10FCA
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E100B8
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E00FA8
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00039
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00F7C
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E00014
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00F8D
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\svchost.exe[1956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF0044
.text C:\WINDOWS\system32\svchost.exe[1956] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FB9
.text C:\WINDOWS\system32\svchost.exe[1956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0029
.text C:\WINDOWS\system32\svchost.exe[1956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0FD4
.text C:\WINDOWS\system32\svchost.exe[1956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0018
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A3
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14CD
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17E6
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A1155
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A162A
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A145E
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1542
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1705
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B3
? C:\WINDOWS\system32\svchost.exe[2044] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0025
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58BF
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A573B
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01120FEF
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0112004A
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01120F55
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01120F66
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01120F83
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01120025
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01120093
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01120078
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011200BF
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011200AE
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011200DA
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01120F9E
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01120FDE
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0112005B
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01120FB9
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeA 7C860CDC 3 Bytes JMP 0112000A
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeA + 4 7C860CE0 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!WinExec 7C86250D 3 Bytes JMP 01120F30
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!WinExec + 4 7C862511 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01110000
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01110062
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01110FAF
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01110FCA
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01110051
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01110FEF
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01110040
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01110025
.text C:\WINDOWS\system32\svchost.exe[2044] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B1
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0044
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0033
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0018
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A3
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14CD
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17E6
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A1155
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A162A
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A145E
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1542
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1705
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B3
.text C:\WINDOWS\system32\mfevtps.exe[2064] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\system32\mfevtps.exe[2064] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\mfevtps.exe[2064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\system32\mfevtps.exe[2064] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text D:\phoebe\9i9voxbv.exe[2160] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text D:\phoebe\9i9voxbv.exe[2160] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text D:\phoebe\9i9voxbv.exe[2160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text D:\phoebe\9i9voxbv.exe[2160] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A3
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214CD
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217E6
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20021155
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2002162A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2002145E
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021542
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021705
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2240] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B3
? C:\WINDOWS\system32\svchost.exe[2452] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00850FD4
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00850FE5
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DE0075
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DE0064
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DE0F8A
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DE0047
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DE0FB9
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DE0F3E
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DE0F4F
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DE0F01
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DE0F1C
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DE0EF0
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE0036
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DE0086
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DE0025
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DE0014
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE0F2D
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DD0036
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DD0FB6
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DD0069
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DD0058
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DD0047
.text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00860051
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00860036
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00860FC6
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00860FE3
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0086001B
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00860000
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A3
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214CD
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217E6
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20021155
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2002162A
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2002145E
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021542
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021705
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B3
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 20022860
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 20021EBB
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 20022541
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2002291B
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 20021E5C
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 20022948
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 20021E27
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 20022975
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 20022745
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2002269E
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 20021E8E
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2002299C
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 20021DE1
.text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[2708] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 20021D9B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\RTHDCPL.EXE[2876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\RTHDCPL.EXE[2876] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\RTHDCPL.EXE[2876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\RTHDCPL.EXE[2876] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\system32\igfxpers.exe[2964] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\system32\igfxpers.exe[2964] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\igfxpers.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\system32\igfxpers.exe[2964] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\OA012Mon.exe[2992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\OA012Mon.exe[2992] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\OA012Mon.exe[2992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\OA012Mon.exe[2992] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\system32\WLTRAY.exe[3020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\system32\WLTRAY.exe[3020] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\WLTRAY.exe[3020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\system32\WLTRAY.exe[3020] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A3
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214CD
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217E6
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20021155
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2002162A
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2002145E
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021542
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021705
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B3
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 20022860
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 20021EBB
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 20022541
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2002291B
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 20021E5C
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 20022948
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 20021E27
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 20022975
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 20022745
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2002269E
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 20021E8E
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2002299C
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 20021DE1
.text C:\WINDOWS\system32\WLTRAY.exe[3020] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 20021D9B
.text C:\Program Files\WSED\WSED.exe[3040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\WSED\WSED.exe[3040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\WSED\WSED.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\WSED\WSED.exe[3040] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Battery Meter\BTMeter.exe[3052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Battery Meter\BTMeter.exe[3052] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Battery Meter\BTMeter.exe[3052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Battery Meter\BTMeter.exe[3052] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A3
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214CD
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217E6
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20021155
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2002162A
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2002145E
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021542
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021705
.text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[3088] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B3
.text C:\Program Files\CapsLKNotify\CapsLKNotify.exe[3164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\CapsLKNotify\CapsLKNotify.exe[3164] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\CapsLKNotify\CapsLKNotify.exe[3164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\CapsLKNotify\CapsLKNotify.exe[3164] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\WINDOWS\system32\igfxsrvc.exe[3240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\WINDOWS\system32\igfxsrvc.exe[3240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\igfxsrvc.exe[3240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\WINDOWS\system32\igfxsrvc.exe[3240] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258BF
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 2002573B
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B1
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 20022860
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 20021EBB
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 20022541
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2002291B
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 20021E5C
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 20022948
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 20021E27
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 20022975
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 20022745
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2002269E
.text C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe[3432] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 20021E8E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[2064] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[2064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Phoebe\Local Settings\Application Data\tvqkqmwr\cdtycssl.exe 114738 bytes executable
File C:\Documents and Settings\Phoebe\Start Menu\Programs\Startup\cdtycssl.exe 114738 bytes executable
File C:\Documents and Settings\Phoebe\Start Menu\Programs\Startup\desktop.ini 84 bytes

---- EOF - GMER 1.0.15 ----


Many thanks, once again.

#8 Broni

Posted 19 October 2011 - 10:17 AM

It looks like we have a rather serious infection there.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!



 


#9 Orange Blossom

Posted 21 October 2011 - 12:45 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic424300.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: