
Got rid of a virus-- am I still infected?


6 replies to this topic

#1 egerren


Posted 15 December 2011 - 09:22 AM

Hey everyone,
My computer just came down with a Vista Home Security (or something similar, I got rid of it fast) virus, which I was able to remove... I think! I ran a Malwarebytes scan overnight and when I came back, the computer had "Recovered from an unexpected shutdown." I ran another that morning, which took 6 hours (usually averages 4 or 5) and found several infected files, which MBAM fixed. However, I think there is still something going on.

When I bring up Firefox, every now and then a random tab will pop up with a really complicated URL, then redirect to a random news or health website. It did that about four times. When I started up this morning and brought up FF, an entire new window with about a dozen of these random tabs came up. It's very bizarre! I've never visited any of the websites, nor heard of them at all, and I'm concerned about that redirect from the crazy URLs...

Here's a screenshot of a window it just brought up:
http://i21.photobucket.com/albums/b260/egerren/Screenshot.jpg

Do I still have a virus, or is FF just going haywire? Help is much appreciated!
Thanks!

(Edit: I am running Windows Vista.)

Edited by egerren, 15 December 2011 - 12:35 PM.



 


#2 Broni


Posted 15 December 2011 - 01:21 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 egerren


Posted 15 December 2011 - 04:20 PM

Because my internet is sketchy at the moment:

Security check results:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Internet Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````


MBAM quick scan log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8368

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/15/2011 8:36:14 AM
mbam-log-2011-12-15 (08-36-14).txt

Scan type: Quick scan
Objects scanned: 236376
Time elapsed: 21 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Broni


Posted 15 December 2011 - 05:08 PM

Go on....



 


#5 egerren


Posted 15 December 2011 - 05:44 PM

Can you tell me approximately how long the GMER scan will take? Thanks so much for your help!

#6 egerren


Posted 16 December 2011 - 01:20 PM

Got it! GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-16 13:18:23
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: iv6df74b.exe; Driver: C:\Users\Emi\AppData\Local\Temp\pwrirkoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x87C49498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x87C494C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x87C494AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x87C49484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8262C1A0 5 Bytes JMP 87C49488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 827E82F0 5 Bytes JMP 87C494C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 82829AFE 7 Bytes JMP 87C4949C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8282A155 5 Bytes JMP 87C494B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[780] ntdll.dll!NtCreateFile 76F97C78 5 Bytes JMP 00E30000
.text C:\Windows\System32\svchost.exe[780] ntdll.dll!NtCreateProcess 76F97D38 5 Bytes JMP 00E3001B
.text C:\Windows\System32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 76F985D8 5 Bytes JMP 00E30FE5
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!GetStartupInfoW 75CB1929 5 Bytes JMP 00E400D3
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!GetStartupInfoA 75CB19C9 5 Bytes JMP 00E40F97
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateProcessW 75CB1C01 5 Bytes JMP 00E40109
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateProcessA 75CB1C36 5 Bytes JMP 00E40F72
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!VirtualProtect 75CB1DD1 5 Bytes JMP 00E4009D
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateNamedPipeW 75CB5C44 5 Bytes JMP 00E40FD4
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryExW 75CD374A 5 Bytes JMP 00E40076
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryW 75CD382D 5 Bytes JMP 00E40FC3
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!VirtualProtectEx 75CD8F5E 5 Bytes JMP 00E400B8
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryExA 75CD9649 5 Bytes JMP 00E40065
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!LoadLibraryA 75CD9671 5 Bytes JMP 00E4004A
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreatePipe 75CE0474 5 Bytes JMP 00E40FA8
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!GetProcAddress 75CFBAC6 5 Bytes JMP 00E40F4D
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateFileW 75CFCE4E 5 Bytes JMP 00E40011
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateFileA 75CFD171 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!CreateNamedPipeA 75D4462E 5 Bytes JMP 00E40FE5
.text C:\Windows\System32\svchost.exe[780] kernel32.dll!WinExec 75D4580B 5 Bytes JMP 00E400EE
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_wsystem 75FF8A47 5 Bytes JMP 00E50F92
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!system 75FF8B63 5 Bytes JMP 00E50027
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_creat 75FFC6F1 5 Bytes JMP 00E50FB7
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_open 75FFDA7E 5 Bytes JMP 00E50FE3
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_wcreat 75FFDC9E 5 Bytes JMP 00E5000C
.text C:\Windows\System32\svchost.exe[780] msvcrt.dll!_wopen 75FFDE79 5 Bytes JMP 00E50FD2
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExA 7606B5E7 5 Bytes JMP 00E60FA8
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyA 7606B8AE 5 Bytes JMP 00E60FB9
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 76070BF5 5 Bytes JMP 00E60FEF
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW 7607B83D 5 Bytes JMP 00E60040
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExW 7607BCE1 5 Bytes JMP 00E60065
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExA 7607D4E8 5 Bytes JMP 00E6001B
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyW 76083CB0 5 Bytes JMP 00E6000A
.text C:\Windows\System32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExW 7608F09D 5 Bytes JMP 00E60FCA
.text C:\Windows\system32\services.exe[788] ntdll.dll!NtCreateFile 76F97C78 5 Bytes JMP 0016000A
.text C:\Windows\system32\services.exe[788] ntdll.dll!NtCreateProcess 76F97D38 5 Bytes JMP 0016002F
.text C:\Windows\system32\services.exe[788] ntdll.dll!NtProtectVirtualMemory 76F985D8 5 Bytes JMP 00160FEF
.text C:\Windows\system32\services.exe[788] kernel32.dll!GetStartupInfoW 75CB1929 5 Bytes JMP 00170F72
.text C:\Windows\system32\services.exe[788] kernel32.dll!GetStartupInfoA 75CB19C9 5 Bytes JMP 001700AE
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreateProcessW 75CB1C01 5 Bytes JMP 001700EE
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreateProcessA 75CB1C36 5 Bytes JMP 00170F57
.text C:\Windows\system32\services.exe[788] kernel32.dll!VirtualProtect 75CB1DD1 5 Bytes JMP 00170F9E
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreateNamedPipeW 75CB5C44 5 Bytes JMP 0017005B
.text C:\Windows\system32\services.exe[788] kernel32.dll!LoadLibraryExW 75CD374A 5 Bytes JMP 00170076
.text C:\Windows\system32\services.exe[788] kernel32.dll!LoadLibraryW 75CD382D 5 Bytes JMP 00170FD4
.text C:\Windows\system32\services.exe[788] kernel32.dll!VirtualProtectEx 75CD8F5E 5 Bytes JMP 00170F8D
.text C:\Windows\system32\services.exe[788] kernel32.dll!LoadLibraryExA 75CD9649 5 Bytes JMP 00170FB9
.text C:\Windows\system32\services.exe[788] kernel32.dll!LoadLibraryA 75CD9671 5 Bytes JMP 00170FE5
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreatePipe 75CE0474 5 Bytes JMP 0017009D
.text C:\Windows\system32\services.exe[788] kernel32.dll!GetProcAddress 75CFBAC6 5 Bytes JMP 00170109
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreateFileW 75CFCE4E 5 Bytes JMP 0017001B
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreateFileA 75CFD171 5 Bytes JMP 00170000
.text C:\Windows\system32\services.exe[788] kernel32.dll!CreateNamedPipeA 75D4462E 5 Bytes JMP 00170040
.text C:\Windows\system32\services.exe[788] kernel32.dll!WinExec 75D4580B 5 Bytes JMP 001700C9
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyExA 7606B5E7 5 Bytes JMP 001E0F83
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyA 7606B8AE 5 Bytes JMP 001E0FA5
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyA 76070BF5 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyW 7607B83D 5 Bytes JMP 001E0F94
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyExW 7607BCE1 5 Bytes JMP 001E0F68
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyExA 7607D4E8 5 Bytes JMP 001E000A
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyW 76083CB0 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyExW 7608F09D 5 Bytes JMP 001E001B
.text C:\Windows\system32\services.exe[788] msvcrt.dll!_wsystem 75FF8A47 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\services.exe[788] msvcrt.dll!system 75FF8B63 5 Bytes JMP 001D005F
.text C:\Windows\system32\services.exe[788] msvcrt.dll!_creat 75FFC6F1 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\services.exe[788] msvcrt.dll!_open 75FFDA7E 5 Bytes JMP 001D000C
.text C:\Windows\system32\services.exe[788] msvcrt.dll!_wcreat 75FFDC9E 5 Bytes JMP 001D004E
.text C:\Windows\system32\services.exe[788] msvcrt.dll!_wopen 75FFDE79 5 Bytes JMP 001D0029
.text C:\Windows\system32\services.exe[788] WS2_32.dll!socket 771436D1 5 Bytes JMP 00860FEF
.text C:\Windows\system32\services.exe[788] WININET.dll!InternetOpenA 757B0A4D 5 Bytes JMP 00870000
.text C:\Windows\system32\services.exe[788] WININET.dll!InternetOpenUrlA 757B2713 5 Bytes JMP 00870FD4
.text C:\Windows\system32\services.exe[788] WININET.dll!InternetOpenW 757B30C8 5 Bytes JMP 00870FEF
.text C:\Windows\system32\services.exe[788] WININET.dll!InternetOpenUrlW 75808515 5 Bytes JMP 00870FC3
.text C:\Windows\system32\lsass.exe[804] ntdll.dll!NtCreateFile 76F97C78 5 Bytes JMP 00210000
.text C:\Windows\system32\lsass.exe[804] ntdll.dll!NtCreateProcess 76F97D38 5 Bytes JMP 00210FD1
.text C:\Windows\system32\lsass.exe[804] ntdll.dll!NtProtectVirtualMemory 76F985D8 5 Bytes JMP 00210011
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!GetStartupInfoW 75CB1929 5 Bytes JMP 00230F2F
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!GetStartupInfoA 75CB19C9 5 Bytes JMP 00230F40
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreateProcessW 75CB1C01 5 Bytes JMP 00230F03
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreateProcessA 75CB1C36 5 Bytes JMP 0023009A
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!VirtualProtect 75CB1DD1 5 Bytes JMP 00230F87
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreateNamedPipeW 75CB5C44 5 Bytes JMP 00230033
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!LoadLibraryExW 75CD374A 5 Bytes JMP 00230FA2
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!LoadLibraryW 75CD382D 5 Bytes JMP 00230044
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!VirtualProtectEx 75CD8F5E 5 Bytes JMP 00230F76
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!LoadLibraryExA 75CD9649 5 Bytes JMP 0023005F
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!LoadLibraryA 75CD9671 5 Bytes JMP 00230FBD
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreatePipe 75CE0474 5 Bytes JMP 00230F5B
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!GetProcAddress 75CFBAC6 5 Bytes JMP 002300AB
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreateFileW 75CFCE4E 5 Bytes JMP 00230011
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreateFileA 75CFD171 5 Bytes JMP 00230000
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!CreateNamedPipeA 75D4462E 5 Bytes JMP 00230022
.text C:\Windows\system32\lsass.exe[804] kernel32.dll!WinExec 75D4580B 5 Bytes JMP 00230F1E
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyExA 7606B5E7 5 Bytes JMP 00560039
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyA 7606B8AE 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyA 7606B8AE 5 Bytes JMP 00560FB2
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyA 76070BF5 5 Bytes JMP 0056000A
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyW 7607B83D 5 Bytes JMP 00560FA1
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyExW 7607BCE1 5 Bytes JMP 0056004A
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExA 7607D4E8 5 Bytes JMP 00560FDE
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyW 76083CB0 5 Bytes JMP 00560FEF
.text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExW 7608F09D 5 Bytes JMP 00560FCD
.text C:\Windows\system32\lsass.exe[804] msvcrt.dll!_wsystem 75FF8A47 5 Bytes JMP 0055005A
.text C:\Windows\system32\lsass.exe[804] msvcrt.dll!system 75FF8B63 5 Bytes JMP 00550049
.text C:\Windows\system32\lsass.exe[804] msvcrt.dll!_creat 75FFC6F1 5 Bytes JMP 0055002E
.text C:\Windows\system32\lsass.exe[804] msvcrt.dll!_open 75FFDA7E 5 Bytes JMP 00550000
.text C:\Windows\system32\lsass.exe[804] msvcrt.dll!_wcreat 75FFDC9E 5 Bytes JMP 00550FD9
.text C:\Windows\system32\lsass.exe[804] msvcrt.dll!_wopen 75FFDE79 5 Bytes JMP 0055001D
.text C:\Windows\system32\lsass.exe[804] WS2_32.dll!socket 771436D1 5 Bytes JMP 00570FE5
.text C:\Windows\system32\lsass.exe[804] WININET.dll!InternetOpenA 757B0A4D 5 Bytes JMP 00220FEF
.text C:\Windows\system32\lsass.exe[804] WININET.dll!InternetOpenUrlA 757B2713 5 Bytes JMP 00220FD4
.text C:\Windows\system32\lsass.exe[804] WININET.dll!InternetOpenW 757B30C8 5 Bytes JMP 0022000A
.text C:\Windows\system32\lsass.exe[804] WININET.dll!InternetOpenUrlW 75808515 5 Bytes JMP 00220FAF
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtCreateFile 76F97C78 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess 76F97D38 5 Bytes JMP 001A0025
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 76F985D8 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 75CB1929 5 Bytes JMP 001B0F4B
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 75CB19C9 5 Bytes JMP 001B0F66
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 75CB1C01 5 Bytes JMP 001B0F30
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 75CB1C36 5 Bytes JMP 001B00C7
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 75CB1DD1 5 Bytes JMP 001B007D
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 75CB5C44 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 75CD374A 5 Bytes JMP 001B006C
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 75CD382D 5 Bytes JMP 001B0051
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 75CD8F5E 5 Bytes JMP 001B0F92
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 75CD9649 5 Bytes JMP 001B0FAF
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 75CD9671 5 Bytes JMP 001B0036
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreatePipe 75CE0474 5 Bytes JMP 001B0F81
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 75CFBAC6 5 Bytes JMP 001B00D8
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateFileW 75CFCE4E 5 Bytes JMP 001B0FE5
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateFileA 75CFD171 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 75D4462E 5 Bytes JMP 001B0FCA
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!WinExec 75D4580B 5 Bytes JMP 001B00AC
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_wsystem 75FF8A47 5 Bytes JMP 001C0064
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!system 75FF8B63 5 Bytes JMP 001C0049
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_creat 75FFC6F1 5 Bytes JMP 001C002E
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_open 75FFDA7E 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_wcreat 75FFDC9E 5 Bytes JMP 001C0FD9
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_wopen 75FFDE79 5 Bytes JMP 001C0011
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 7606B5E7 5 Bytes JMP 001D005B
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 7606B8AE 5 Bytes JMP 001D002F
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 76070BF5 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 7607B83D 5 Bytes JMP 001D004A
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 7607BCE1 5 Bytes JMP 001D0F9E
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 7607D4E8 5 Bytes JMP 001D0FC3
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 76083CB0 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 7608F09D 5 Bytes JMP 001D001E
.text C:\Windows\system32\svchost.exe[1004] WS2_32.dll!socket 771436D1 5 Bytes JMP 00410FEF
.text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtCreateFile 76F97C78 5 Bytes JMP 00900FEF
.text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtCreateProcess 76F97D38 5 Bytes JMP 0090000A
.text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 76F985D8 5 Bytes JMP 00900FDE
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 75CB1929 5 Bytes JMP 00DD0EF7
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 75CB19C9 5 Bytes JMP 00DD003D
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 75CB1C01 5 Bytes JMP 00DD0073
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 75CB1C36 5 Bytes JMP 00DD0EDC
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 75CB1DD1 5 Bytes JMP 00DD0F48
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 75CB5C44 5 Bytes JMP 00DD0011
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 75CD374A 5 Bytes JMP 00DD0F65
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 75CD382D 5 Bytes JMP 00DD0F9B
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 75CD8F5E 5 Bytes JMP 00DD0F2D
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 75CD9649 5 Bytes JMP 00DD0F80
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 75CD9671 5 Bytes JMP 00DD0022
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreatePipe 75CE0474 5 Bytes JMP 00DD0F12
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 75CFBAC6 5 Bytes JMP 00DD0ECB
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateFileW 75CFCE4E 5 Bytes JMP 00DD0FCA
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateFileA 75CFD171 5 Bytes JMP 00DD0FE5
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 75D4462E 5 Bytes JMP 00DD0000
.text C:\Windows\system32\svchost.exe[1072] kernel32.dll!WinExec 75D4580B 5 Bytes JMP 00DD0058
.text C:\Windows\system32\svchost.exe[1072] msvcrt.dll!_wsystem 75FF8A47 5 Bytes JMP 00DE0F89
.text C:\Windows\system32\svchost.exe[1072] msvcrt.dll!system 75FF8B63 5 Bytes JMP 00DE0014
.text C:\Windows\system32\svchost.exe[1072] msvcrt.dll!_creat 75FFC6F1 5 Bytes JMP 00DE0FB5
.text C:\Windows\system32\svchost.exe[1072] msvcrt.dll!_open 75FFDA7E 5 Bytes JMP 00DE0FE3
.text C:\Windows\system32\svchost.exe[1072] msvcrt.dll!_wcreat 75FFDC9E 5 Bytes JMP 00DE0FA4
.text C:\Windows\system32\svchost.exe[1072] msvcrt.dll!_wopen 75FFDE79 5 Bytes JMP 00DE0FC6
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 7606B5E7 5 Bytes JMP 00DF0051
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 7606B8AE 5 Bytes JMP 00DF001B
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 76070BF5 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 7607B83D 5 Bytes JMP 00DF0040
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 7607BCE1 5 Bytes JMP 00DF0F94
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 7607D4E8 5 Bytes JMP 00DF0FCA
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 76083CB0 5 Bytes JMP 00DF000A
.text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 7608F09D 5 Bytes JMP 00DF0FB9
.text C:\Windows\system32\svchost.exe[1072] WS2_32.dll!socket 771436D1 5 Bytes JMP 01000FEF
.text C:\Windows\system32\svchost.exe[1072] WININET.dll!InternetOpenA 757B0A4D 5 Bytes JMP 00D2000A
.text C:\Windows\system32\svchost.exe[1072] WININET.dll!InternetOpenUrlA 757B2713 5 Bytes JMP 00D20FDB
.text C:\Windows\system32\svchost.exe[1072] WININET.dll!InternetOpenW 757B30C8 5 Bytes JMP 00D2001B
.text C:\Windows\system32\svchost.exe[1072] WININET.dll!InternetOpenUrlW 75808515 5 Bytes JMP 00D20036
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtCreateFile 76F97C78 5 Bytes JMP 00930FEF
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtCreateProcess 76F97D38 5 Bytes JMP 00930000
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory 76F985D8 5 Bytes JMP 00930FCA
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetStartupInfoW 75CB1929 5 Bytes JMP 00920096
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetStartupInfoA 75CB19C9 5 Bytes JMP 00920F50
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessW 75CB1C01 5 Bytes JMP 00920F17
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessA 75CB1C36 5 Bytes JMP 009200B8
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!VirtualProtect 75CB1DD1 5 Bytes JMP 00920F86
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateNamedPipeW 75CB5C44 5 Bytes JMP 00920039
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 75CD374A 5 Bytes JMP 00920060
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryW 75CD382D 5 Bytes JMP 00920FB2
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 75CD8F5E 5 Bytes JMP 0092007B
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 75CD9649 5 Bytes JMP 00920F97
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryA 75CD9671 5 Bytes JMP 00920FCD
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreatePipe 75CE0474 5 Bytes JMP 00920F61

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[944] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0001A4B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[944] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0001A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FF9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FBB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FAFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FAEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FEB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FBBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FB0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FB06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FA71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7403D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FD7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FAE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FA697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FA69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FB2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB59234$\1350081819 0 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877 0 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\@ 2048 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\bckfg.tmp 852 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\keywords 236 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\L 0 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U 0 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB59234$\2853653877\U\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----







==============================


I can't run MiniToolBox; I'm getting the error message "The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll"


Edit number 8 million: got it working, log:


MiniToolBox by Farbar
Ran by Emi (administrator) on 16-12-2011 at 13:21:39
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:60121

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 60121
"network.proxy.type", 0
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Ralink 802.11n Wireless LAN Card = Wireless Network Connection 2 (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Family-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-24-2B-78-D4-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, December 16, 2011 11:08:21 AM
Lease Expires . . . . . . . . . . : Saturday, December 17, 2011 1:19:08 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
Physical Address. . . . . . . . . : 00-23-5A-4B-A8-F6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C966F92B-F884-40CE-8096-7E5FAFC26918}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.neo.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.neo.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E7AEE8D3-6310-4545-A043-2DB8577BC8A9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E7AEE8D3-6310-4545-A043-2DB8577BC8A9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.113.147] with 32 bytes of data:

Reply from 74.125.113.147: bytes=32 time=38ms TTL=48

Reply from 74.125.113.147: bytes=32 time=46ms TTL=48



Ping statistics for 74.125.113.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 46ms, Average = 42ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=53ms TTL=48

Reply from 209.191.122.70: bytes=32 time=96ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 53ms, Maximum = 96ms, Average = 74ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 24 2b 78 d4 ac ...... Ralink 802.11n Wireless LAN Card
10 ...00 23 5a 4b a8 f6 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{C966F92B-F884-40CE-8096-7E5FAFC26918}
14 ...00 00 00 00 00 00 00 e0 isatap.neo.rr.com
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.neo.rr.com
16 ...00 00 00 00 00 00 00 e0 isatap.{E7AEE8D3-6310-4545-A043-2DB8577BC8A9}
17 ...00 00 00 00 00 00 00 e0 isatap.{E7AEE8D3-6310-4545-A043-2DB8577BC8A9}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.56 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.56 281
192.168.1.56 255.255.255.255 On-link 192.168.1.56 281
192.168.1.255 255.255.255.255 On-link 192.168.1.56 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.56 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.56 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/16/2011 01:23:26 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x19a8, application start time 0xnslookup.exe0.

Error: (12/16/2011 01:22:16 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x1db0, application start time 0xnslookup.exe0.

Error: (12/16/2011 01:22:06 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x750, application start time 0xnslookup.exe0.

Error: (12/16/2011 11:55:50 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (12/16/2011 11:08:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2011 10:01:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2011 09:57:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2239223

Error: (12/15/2011 09:57:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2239223

Error: (12/15/2011 09:57:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/15/2011 09:20:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5460


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (12/11/2011 10:05:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24836 seconds with 4140 seconds of active time. This session ended with a crash.

Error: (07/21/2010 09:54:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 113043 seconds with 6960 seconds of active time. This session ended with a crash.

Error: (03/18/2010 10:07:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2711 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (02/26/2010 11:03:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24507 seconds with 1980 seconds of active time. This session ended with a crash.

Error: (04/16/2009 04:50:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Assist
Acer eDataSecurity Management (Version: 3.0.3065)
Acer Empowering Technology (Version: 3.0.3009)
Acer ePower Management (Version: 3.0.3014)
Acer eRecovery Management (Version: 3.0.3014)
Acer eSettings Management (Version: 3.0.3007)
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer Registration
Acer ScreenSaver (Version: 1.11.0506)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Action Replay DSi Code Manager
Adobe AIR (Version: 2.7.0.19530)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader 9 (Version: 9.0.0)
Agatha Christie Peril at End House
Agere Systems HDA Modem
Agfa ScanWise 2.00
Alice Greenfingers
Alien Shooter
ALPS Touch Pad Driver (Version: Version 7.0.1101.18)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.2.120)
ArcSoft MediaImpression (Version: 1.2.19.436)
ArcSoft VideoImpression 2
AVIConverter 5.1.6 (Version: 5.1.6)
Bamboo
BitZipper 2010
Bonjour (Version: 2.0.3.0)
Bookworm Adventures
Bricks of Egypt
C:\Program Files\Acer GameZone\GameConsole (Version: 2.0.1.2)
Cake Mania
Chaotic (Version: 1.00.0000)
Chicken Invaders 2
Corel Painter Essentials 4
Corel Painter Essentials 4 (Version: 4.2)
Cradle of Rome
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.0.0)
CyberLink PowerDirector (Version: 6.5.3023)
Dream Day First Home
Dundjinni
Einy Player (Version: 1.03.0014)
energyXT2.5
eSobi v2 (Version: 2.0.3.000201)
Finale Reader 2011 (Version: 2011..r2.1)
Galapago
GameFly (Version: 1.0.1047)
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606) (Version: 9.2.3073)
GDR 3073 for SQL Server Tools and Workstation Components 2005 ENU (KB954606) (Version: 9.2.3073)
GIMP 2.6.6
Go-Go Gourmet
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.0.0.68)
J2SE Runtime Environment 5.0 Update 17 (Version: 1.5.0.170)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java™ 6 Update 21 (Version: 6.0.210)
JMicron JMB38X Flash Media Controller (Version: 1.00.14.03)
Launch Manager
LEGO Digital Designer
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Magic Farm
Magic Match Adventures
MagicScore
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee Internet Security Suite (Version: 11.0.623)
Melody Assistant (Version: 7.6.0f)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SOSHOME309) (Version: 9.2.3042.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Musicnotes Software Suite 1.2 (Version: 1.2)
Mystery Solitaire - Secret Island
Mythic Mahjong
Netflix Movie Viewer (Version: 1.2.211)
Notepad++ (Version: 5.9.3)
NTI Backup Now 5 (Version: 5.1.2.606)
NTI Backup Now Standard (Version: 5.1.2.606)
NTI Media Maker 8 (Version: 8.0.2.6329)
OnLive
PaintTool SAI Ver.1
ParetoLogic FileCure (Version: 1.1.1.0)
PC Camer@ (Version: 1.0.4.9)
PhotoNow! (Version: 1.1.4619)
Progressive Reader 2008
QuickTime (Version: 7.67.75.0)
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5648)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.111)
SPORE™ (Version: 1.00.0000)
Switched-On Schoolhouse 2009 - Home Edition Database (Version: 4.1.0.31)
TeLL me More CJ
The Rise of Atlantis
The Sims 2
The Sims™ 2 Seasons
Tiks Texas Hold em
Tom Clancys Splinter Cell (Version: 1.0)
Unity Web Player (Version: 2.5.1f5_24931)
ViewNX (Version: 1.3.0)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
yWriter5
Zoo Tycoon 2 - African Adventure (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1977.27 MB
Available physical RAM: 838.81 MB
Total Pagefile: 4199.82 MB
Available Pagefile: 2459.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.64 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:20.76 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:111.44 GB) (Free:47.47 GB) NTFS
4 Drive g: () (Removable) (Total:7.39 GB) (Free:6.85 GB) FAT32

========================= Users: ========================================

User accounts for \\FAMILY-LAPTOP

Administrator Emi Guest
Lisa Neil Samuel


**** End of log ****

Edited by egerren, 16 December 2011 - 01:24 PM.


#7 Broni


Posted 16 December 2011 - 07:56 PM

More advanced help will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
