Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing infections


  • This topic is locked This topic is locked
14 replies to this topic

#1 cher d

cher d

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 21 January 2012 - 11:24 AM

Hello,

I had a web redirecting issue and received help with removing it here http://www.bleepingcomputer.com/forums/topic439227.html/page__gopid__2564864#entry2564864

I was informed that my computer was still infected and advised to follow the steps in the Preperation Guide for Receiving Help in Cleaning Your Computer. Here are the DDS and GMER logs. Also, see attached file. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by cdavis at 10:07:53 on 2012-01-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3060.1989 [GMT -5:00]
.
AV: Microsoft Forefront Client Security *Disabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\oracle\ora92\bin\omtsreco.exe
c:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
c:\windows\system32\slclient.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.atlantaga.gov
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [TpShocks] TpShocks.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoPublishingWizard = 1 (0x1)
uPolicies-explorer: NoWebServices = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://atlopen.atlantaga.gov/CACHE/webvpn/stc/1/binaries/stcweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275074774593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278029765265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} - hxxp://ditcats.atlanta.local/jinitiator/oajinit.exe
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{342638AE-878F-4CC8-99AF-0077C54DD2E3} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: ACNotify - ACNotify.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
Hosts: 94.63.240.131 www.google.com
Hosts: 94.63.240.132 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-28 24304]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-9 343920]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2010-5-28 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-11-27 13480]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-28 132456]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2011-1-8 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2010-8-31 69528]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-5-28 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-11-27 44984]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-9 70728]
R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\qualcomm\qdlservice2k\QDLService2kLenovo.exe [2009-12-18 331512]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-5-28 45056]
R2 SLClient;ScriptLogic Service;c:\windows\system32\slclient.exe [2011-3-21 564736]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-11-27 62904]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-5-28 2320920]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-5-28 127232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-5-28 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-28 125696]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-5-28 81280]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-9 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-9 43288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-28 57320]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-5-28 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2010-5-28 116224]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2010-5-28 106368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [2011-3-30 22136]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-21 40776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-9 66600]
S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-7-18 71296]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-7-21 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-21 08:59:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{f9f73135-d4fe-4500-98b8-9ae14383378d}\offreg.dll
2012-01-21 07:19:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-20 22:25:37 -------- d-----w- c:\documents and settings\cdavis\application data\Malwarebytes
2012-01-20 22:25:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-20 22:24:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 22:24:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-01-21 14:05:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-21 14:05:54 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-21 09:00:03 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-01-21 08:59:34 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
.
============= FINISH: 10:08:15.29 ===============



-------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-21 11:07:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.AXM0
Running: gmer.exe; Driver: C:\DOCUME~1\cdavis\LOCALS~1\Temp\kxdyyuow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xB7C097B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB7C09676]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB7C09610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB7C09624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7C0968A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7C096B6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB7C09724]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB7C0970E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB7C0973A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7C097F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB7C09766]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB7C09662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7C095D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7C095E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB7C097CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB7C097A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB7C096F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB7C096E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB7C096A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB7C0978E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB7C0977A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB7C0964E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB7C0963A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB7C096CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7C09827]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB7C09750]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7C0980E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7C097E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B7C097E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 805790A8 5 Bytes JMP B7C097BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B7C097FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B7C09812 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B841E 7 Bytes JMP B7C097D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B7C095D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B7C095EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE8A 5 Bytes JMP B7C0963E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B7C09628 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1230 5 Bytes JMP B7C09614 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D173A 5 Bytes JMP B7C09652 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B7C0982B mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80622314 7 Bytes JMP B7C096E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B7C096D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 8062298C 7 Bytes JMP B7C09754 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062323E 7 Bytes JMP B7C096FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B7C096A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B7C0967A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B7C0968E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B7C096BA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8062493C 7 Bytes JMP B7C09728 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80624BA6 7 Bytes JMP B7C09712 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B7C09666 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80625810 7 Bytes JMP B7C097A6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625AD0 5 Bytes JMP B7C0977E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 80625F20 7 Bytes JMP B7C0973E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 806261C4 5 Bytes JMP B7C09792 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806262DE 5 Bytes JMP B7C0976A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5B0A380, 0x3E5675, 0xE8000020]
? C:\DOCUME~1\cdavis\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F66
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F8D
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0040
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F2E
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F49
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F0C
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F1D
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00C0
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE002F
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0080
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0091
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093006C
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930014
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FB9
.text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920042
.text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920031
.text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FC1
.text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00900014
.text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00900FC3
.text C:\WINDOWS\system32\svchost.exe[288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002600A4
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260093
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260076
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600C9
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600F5
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600E4
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260106
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260065
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260040
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F66
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035006C
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350047
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360014
.text C:\Program Files\Internet Explorer\iexplore.exe[548] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360F89
.text C:\Program Files\Internet Explorer\iexplore.exe[548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FB5
.text C:\Program Files\Internet Explorer\iexplore.exe[548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360F9A
.text C:\Program Files\Internet Explorer\iexplore.exe[548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[548] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 009D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[548] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 009D0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[548] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 009D001B
.text C:\Program Files\Internet Explorer\iexplore.exe[548] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 009D002C
.text C:\Program Files\Internet Explorer\iexplore.exe[548] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE004A
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE002F
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0F61
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE001E
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0FA1
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0082
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0071
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0EF0
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0093
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE00A4
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0F86
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0F3A
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FB2
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE0FCD
.text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE0F1F
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E50FC0
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E5007D
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E50011
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E5006C
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E50051
.text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E50036
.text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E40FA3
.text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E40FBE
.text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E4002E
.text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E4000C
.text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E40FCF
.text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E4001D
.text C:\WINDOWS\system32\services.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01310FEF
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01310F49
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01310F5A
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01310F75
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01310032
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01310F97
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0131007E
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01310063
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013100A3
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01310F0A
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013100C8
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01310F86
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01310FDE
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01310F38
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01310FB2
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01310FC3
.text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01310F1B
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01300FC3
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01300040
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01300FD4
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0130000A
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0130002F
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01300FEF
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01300F8D
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [50, 89]
.text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01300FA8
.text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012F0F9C
.text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 012F0031
.text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012F0FD2
.text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012F0000
.text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012F0FC1
.text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012F0FE3
.text C:\WINDOWS\system32\lsass.exe[1116] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012E0FEF
.text C:\WINDOWS\system32\lsass.exe[1116] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 012D0FEF
.text C:\WINDOWS\system32\lsass.exe[1116] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 012D0FDE
.text C:\WINDOWS\system32\lsass.exe[1116] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 012D0FC3
.text C:\WINDOWS\system32\lsass.exe[1116] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 012D000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02460FE5
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02460076
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0246005B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02460F8D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02460040
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02460F9E
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024600B8
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02460F66
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02460F29
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02460F3A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02460F18
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0246002F
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02460000
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02460087
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02460FAF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02460FCA
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02460F55
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02450047
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02450073
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0245002C
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0245001B
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02450FB6
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0245000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02450058
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02450FDB
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0044
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0029
.text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0018
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F5C
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60051
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60040
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60F83
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60F9E
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F1D
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F3A
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60EF1
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60F02
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C6009B
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60025
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F4B
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FB9
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60080
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50076
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50036
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C50065
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E5, 88] {IN EAX, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50FDE
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40036
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40FAB
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40FE3
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FC6
.text C:\WINDOWS\system32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C3000A
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025B0FEF
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025B0F5C
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025B0051
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025B0040
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025B0F83
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025B001B
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025B0F30
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025B0F41
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025B00A4
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025B0093
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025B00B5
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025B0F9E
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025B0FD4
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025B0062
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025B000A
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025B0FB9
.text C:\WINDOWS\System32\svchost.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025B0F1F
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 021F0036
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 021F0FA5
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 021F0025
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 021F0FE5
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 021F006C
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 021F0000
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 021F0051
.text C:\WINDOWS\System32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 021F0FCA
.text C:\WINDOWS\System32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 021E0FB7
.text C:\WINDOWS\System32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 021E0038
.text C:\WINDOWS\System32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 021E0FC8
.text C:\WINDOWS\System32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 021E0FE3
.text C:\WINDOWS\System32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 021E001D
.text C:\WINDOWS\System32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 021E000C
.text C:\WINDOWS\System32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 021D0000
.text C:\WINDOWS\System32\svchost.exe[1652] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 021C0000
.text C:\WINDOWS\System32\svchost.exe[1652] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 021C001B
.text C:\WINDOWS\System32\svchost.exe[1652] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 021C002C
.text C:\WINDOWS\System32\svchost.exe[1652] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 021C0047
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F1E
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065001D
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F43
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F54
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650064
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650049
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650089
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650EE6
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650ED5
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F79
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0065002E
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F01
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640039
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640076
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640014
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0064005B
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0064004A
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FAB
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FC6
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630000
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F700CE
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F700B3
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F700A2
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70087
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F700F0
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70130
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F8D
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70141
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70076
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70025
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F700DF
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70051
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70036
.text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70101
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60025
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60076
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60014
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FDE
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6005B
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60FB9
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60040
.text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50F97
.text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50022
.text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50011
.text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FE3
.text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FB2
.text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[1772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00880FEF
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00880071
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00880F7C
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00880F8D
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0088004A
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00880FC3
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008800AE
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00880093
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008800E4
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00880F4B
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008800FF
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00880FA8
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00880FD4
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00880082
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0088002F
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008800C9
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00870025
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00870076
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00870FD4
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00870FE5
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00870051
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00870040
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00870FB9
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00860049
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00860038
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00860FE3
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00860FC8
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0086001D
.text C:\WINDOWS\system32\svchost.exe[1900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00850000
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EF0F59
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EF0F74
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EF0058
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EF0047
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EF0F10
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EF0F2D
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF0EE4
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF0073
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EF0EC9
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EF002C
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EF0F48
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EF0FB9
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EF0EF5
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EE0047
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EE007D
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EE002C
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EE001B
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EE0FB6
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EE0062
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EE0FD1
.text C:\WINDOWS\system32\svchost.exe[2012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00ED0FB7
.text C:\WINDOWS\system32\svchost.exe[2012] msvcrt.dll!system 77C293C7 5 Bytes JMP 00ED0042
.text C:\WINDOWS\system32\svchost.exe[2012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00ED0027
.text C:\WINDOWS\system32\svchost.exe[2012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[2012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00ED0FD2
.text C:\WINDOWS\system32\svchost.exe[2012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\svchost.exe[2012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EC0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0026007F
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600A1
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F65
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F1C
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F2D
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EF7
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260047
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260090
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260022
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F3E
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F80
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350047
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360F95
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 01170000
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 0117001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 01170FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 01170036
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ws2_32.dll!socket 71AB4211 5 Bytes JMP 04130FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03270000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03270F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03270F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0327005D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03270036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03270FA5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 032700A9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03270082
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03270F2B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 032700C4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 032700DF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03270F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03270FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03270F57
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03270FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03270011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03270F46
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03260025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03260FA5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03260FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0326000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03260062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03260FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03260047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03260036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03250070
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] msvcrt.dll!system 77C293C7 5 Bytes JMP 03250FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0325003A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03250000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03250055
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03250029
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03240FEF
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F70
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F81
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F92
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD005B
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F55
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD009D
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F33
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00CC
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD00DD
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0080
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD002F
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0014
.text C:\WINDOWS\system32\svchost.exe[3600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F44
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0058
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0FA5
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\svchost.exe[3600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB004E
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\svchost.exe[3600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FD7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E9006F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90054
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F7A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90F97
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F44
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90096
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90EFD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90F0E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90EE2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F5F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90F33
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80F9B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E8001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E8000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E80058
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E80047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70062
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70018
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3676] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\SearchIndexer.exe[3940] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[4704] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260073
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260051
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F48
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F63
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F1C
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600AB
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600C6
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260F94
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260084
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F2D
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350022
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350011
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0035003D
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0036003D
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360022
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 009D0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 009D0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 009D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 009D001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4880] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260091
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260080
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260065
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260040
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F6B
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600B3
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600EC
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F49
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F38
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260014
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002600A2
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0035002C
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350011
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350062
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350051
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360042
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360027
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360016
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 01160000
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 01160FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 01160FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 01160FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[5236] ws2_32.dll!socket 71AB4211 5 Bytes JMP 04130000
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00A0
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0085
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0FA1
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A005E
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F6B
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00BD
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00CE
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F3F
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F86
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A002F
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[5380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F50
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290051
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F94
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[5380] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\Explorer.EXE[5380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0066
.text C:\WINDOWS\Explorer.EXE[5380] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A004B
.text C:\WINDOWS\Explorer.EXE[5380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0029
.text C:\WINDOWS\Explorer.EXE[5380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[5380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A003A
.text C:\WINDOWS\Explorer.EXE[5380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[5380] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[5380] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\Explorer.EXE[5380] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 002C0011
.text C:\WINDOWS\Explorer.EXE[5380] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 002C0FC0
.text C:\WINDOWS\Explorer.EXE[5380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02BF0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F69
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F7A
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260054
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F97
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F20
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F31
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260EFB
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260094
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600AF
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F4E
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260083
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350073
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350058
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350047
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FBE
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FD9
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360038
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0036000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360049
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[5652] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB41342$\1238558892 0 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\bckfg.tmp 846 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\cfg.ini 199 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\keywords 179 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\L 0 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\L\aavmayqi 52480 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U 0 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\80000032.@ 77312 bytes
File C:\WINDOWS\$NtUninstallKB41342$\2715435319 0 bytes

---- EOF - GMER 1.0.15 ----

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 21 January 2012 - 11:40 AM

Hello cher d ,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
Tdsskiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 21 January 2012 - 12:48 PM

Hi Fireman4it- Thanks a bunch for your assistance.

While running Combofix I got an error message 3 times that stated Windows cannot find NIRKMD. I clicked Ok each time. I alos got error message rmbr.3xe encountered problems. Combofix found RookKit activity and needed to reboot. I got NIRKMD application error message that said failed to initialize properly. Click ok to terminate when each Combofix stage completed. 50 stages completed and the system rebooted. During reboot I got NIRKMD.3XE and CF2889.3XE application errors that said failed to initialize properly. Click ok to terminate. After the system rebooted the NIRKMD error message appeared numerous times.

I believe Combifix may have deleted some folders that I need. See below.
c:\documents and settings\cdavis.MCOP-R8W0L52\WINDOWS
c:\documents and settings\cdavis\WINDOWS
c:\documents and settings\cdpenamon\WINDOWS
c:\documents and settings\CityUser\WINDOWS
c:\documents and settings\clawrence\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\lrodriguez\WINDOWS

Here are the logs.

c11:58:49.0828 2256 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
11:58:50.0234 2256 ============================================================
11:58:50.0234 2256 Current date / time: 2012/01/21 11:58:50.0234
11:58:50.0234 2256 SystemInfo:
11:58:50.0234 2256
11:58:50.0234 2256 OS Version: 5.1.2600 ServicePack: 3.0
11:58:50.0234 2256 Product type: Workstation
11:58:50.0234 2256 ComputerName: MCOP-R8W0L52
11:58:50.0234 2256 UserName: cdavis
11:58:50.0234 2256 Windows directory: C:\WINDOWS
11:58:50.0234 2256 System windows directory: C:\WINDOWS
11:58:50.0234 2256 Processor architecture: Intel x86
11:58:50.0234 2256 Number of processors: 4
11:58:50.0234 2256 Page size: 0x1000
11:58:50.0234 2256 Boot type: Normal boot
11:58:50.0234 2256 ============================================================
11:58:50.0609 2256 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
11:58:50.0609 2256 Initialize success
11:58:53.0078 4692 ============================================================
11:58:53.0078 4692 Scan started
11:58:53.0078 4692 Mode: Manual;
11:58:53.0078 4692 ============================================================
11:58:53.0250 4692 5U877 (5e67a474cbc887daf0ddd343f6f7fea0) C:\WINDOWS\system32\DRIVERS\5U877.sys
11:58:53.0312 4692 5U877 - ok
11:58:53.0328 4692 Abiosdsk - ok
11:58:53.0343 4692 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:58:53.0375 4692 abp480n5 - ok
11:58:53.0390 4692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:58:53.0390 4692 ACPI - ok
11:58:53.0406 4692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:58:53.0406 4692 ACPIEC - ok
11:58:53.0406 4692 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:58:53.0453 4692 adpu160m - ok
11:58:53.0468 4692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:58:53.0468 4692 aec - ok
11:58:53.0484 4692 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:58:53.0484 4692 AFD - ok
11:58:53.0500 4692 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:58:53.0500 4692 agp440 - ok
11:58:53.0500 4692 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:58:53.0515 4692 agpCPQ - ok
11:58:53.0515 4692 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:58:53.0562 4692 Aha154x - ok
11:58:53.0562 4692 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:58:53.0609 4692 aic78u2 - ok
11:58:53.0609 4692 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:58:53.0656 4692 aic78xx - ok
11:58:53.0671 4692 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:58:53.0703 4692 AliIde - ok
11:58:53.0703 4692 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:58:53.0718 4692 alim1541 - ok
11:58:53.0718 4692 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:58:53.0734 4692 amdagp - ok
11:58:53.0734 4692 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:58:53.0781 4692 amsint - ok
11:58:53.0781 4692 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
11:58:53.0828 4692 ANC - ok
11:58:53.0843 4692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:58:53.0843 4692 Arp1394 - ok
11:58:53.0843 4692 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:58:53.0890 4692 asc - ok
11:58:53.0890 4692 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:58:53.0937 4692 asc3350p - ok
11:58:53.0953 4692 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:58:53.0984 4692 asc3550 - ok
11:58:54.0000 4692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:58:54.0015 4692 AsyncMac - ok
11:58:54.0015 4692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:58:54.0015 4692 atapi - ok
11:58:54.0031 4692 Atdisk - ok
11:58:54.0046 4692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:58:54.0046 4692 Atmarpc - ok
11:58:54.0062 4692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:58:54.0062 4692 audstub - ok
11:58:54.0078 4692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:58:54.0078 4692 Beep - ok
11:58:54.0093 4692 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:58:54.0156 4692 BTKRNL - ok
11:58:54.0156 4692 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys
11:58:54.0234 4692 BTWUSB - ok
11:58:54.0250 4692 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:58:54.0250 4692 cbidf - ok
11:58:54.0265 4692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:58:54.0265 4692 cbidf2k - ok
11:58:54.0265 4692 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:58:54.0265 4692 CCDECODE - ok
11:58:54.0281 4692 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:58:54.0312 4692 cd20xrnt - ok
11:58:54.0328 4692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:58:54.0328 4692 Cdaudio - ok
11:58:54.0343 4692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:58:54.0343 4692 Cdfs - ok
11:58:54.0359 4692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:58:54.0359 4692 Cdrom - ok
11:58:54.0375 4692 Changer - ok
11:58:54.0390 4692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:58:54.0390 4692 CmBatt - ok
11:58:54.0406 4692 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:58:54.0406 4692 CmdIde - ok
11:58:54.0437 4692 CnxtHdAudService (34e172aa5c7abc4146346cd20233ee32) C:\WINDOWS\system32\drivers\CHDAU32.sys
11:58:54.0484 4692 CnxtHdAudService - ok
11:58:54.0484 4692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:58:54.0484 4692 Compbatt - ok
11:58:54.0500 4692 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:58:54.0515 4692 Cpqarray - ok
11:58:54.0515 4692 CSVirtA (b90b0a61045db0c63487d1995f957680) C:\WINDOWS\system32\DRIVERS\CSVirtA.sys
11:58:54.0562 4692 CSVirtA - ok
11:58:54.0578 4692 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:58:54.0578 4692 dac2w2k - ok
11:58:54.0593 4692 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:58:54.0640 4692 dac960nt - ok
11:58:54.0640 4692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:58:54.0640 4692 Disk - ok
11:58:54.0671 4692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:58:54.0671 4692 dmboot - ok
11:58:54.0687 4692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:58:54.0687 4692 dmio - ok
11:58:54.0703 4692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:58:54.0703 4692 dmload - ok
11:58:54.0718 4692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:58:54.0718 4692 DMusic - ok
11:58:54.0734 4692 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
11:58:54.0765 4692 DozeHDD - ok
11:58:54.0781 4692 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:58:54.0781 4692 dpti2o - ok
11:58:54.0796 4692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:58:54.0796 4692 drmkaud - ok
11:58:54.0812 4692 e1kexpress (9f7ae949202f0ef6b17dd3cc5c117ad3) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
11:58:54.0890 4692 e1kexpress - ok
11:58:54.0906 4692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:58:54.0921 4692 Fastfat - ok
11:58:54.0921 4692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:58:54.0937 4692 Fdc - ok
11:58:54.0937 4692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:58:54.0953 4692 Fips - ok
11:58:54.0953 4692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:58:54.0953 4692 Flpydisk - ok
11:58:54.0968 4692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:58:54.0968 4692 FltMgr - ok
11:58:54.0984 4692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:58:54.0984 4692 Fs_Rec - ok
11:58:55.0000 4692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:58:55.0000 4692 Ftdisk - ok
11:58:55.0015 4692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:58:55.0015 4692 Gpc - ok
11:58:55.0031 4692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:58:55.0031 4692 HDAudBus - ok
11:58:55.0031 4692 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
11:58:55.0109 4692 HECI - ok
11:58:55.0125 4692 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:58:55.0125 4692 HidUsb - ok
11:58:55.0140 4692 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:58:55.0171 4692 hpn - ok
11:58:55.0187 4692 HSFHWAZL (0d13842210353435fc1fb35ca7807644) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:58:55.0234 4692 HSFHWAZL - ok
11:58:55.0250 4692 HSF_DPV (8bc605518b1052db7011e5c4cc8417bf) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:58:55.0296 4692 HSF_DPV - ok
11:58:55.0312 4692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:58:55.0312 4692 HTTP - ok
11:58:55.0328 4692 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:58:55.0328 4692 i2omgmt - ok
11:58:55.0343 4692 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:58:55.0343 4692 i2omp - ok
11:58:55.0343 4692 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:58:55.0359 4692 i8042prt - ok
11:58:55.0359 4692 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:58:55.0375 4692 iaStor - ok
11:58:55.0375 4692 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:58:55.0421 4692 IBMPMDRV - ok
11:58:55.0421 4692 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:58:55.0546 4692 IBMTPCHK - ok
11:58:55.0562 4692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:58:55.0562 4692 Imapi - ok
11:58:55.0578 4692 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\WINDOWS\system32\DRIVERS\Impcd.sys
11:58:55.0640 4692 Impcd - ok
11:58:55.0656 4692 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:58:55.0703 4692 ini910u - ok
11:58:55.0718 4692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:58:55.0718 4692 IntelIde - ok
11:58:55.0718 4692 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:58:55.0734 4692 intelppm - ok
11:58:55.0734 4692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:58:55.0734 4692 Ip6Fw - ok
11:58:55.0750 4692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:58:55.0750 4692 IpFilterDriver - ok
11:58:55.0765 4692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:58:55.0765 4692 IpInIp - ok
11:58:55.0781 4692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:58:55.0781 4692 IpNat - ok
11:58:55.0796 4692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:58:55.0796 4692 IPSec - ok
11:58:55.0812 4692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:58:55.0812 4692 IRENUM - ok
11:58:55.0828 4692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:58:55.0828 4692 isapnp - ok
11:58:55.0843 4692 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
11:58:55.0875 4692 Iviaspi - ok
11:58:55.0890 4692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:58:55.0890 4692 Kbdclass - ok
11:58:55.0906 4692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:58:55.0906 4692 kmixer - ok
11:58:55.0921 4692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:58:55.0921 4692 KSecDD - ok
11:58:55.0937 4692 lbrtfdc - ok
11:58:55.0953 4692 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:58:56.0015 4692 lenovo.smi - ok
11:58:56.0031 4692 LenovoRd (007c3a7e6a864ab2b8c52df717a7254c) C:\WINDOWS\system32\Drivers\LenovoRd.sys
11:58:56.0125 4692 LenovoRd - ok
11:58:56.0140 4692 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:58:56.0171 4692 MBAMSwissArmy - ok
11:58:56.0203 4692 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:58:56.0203 4692 mdmxsdk - ok
11:58:56.0218 4692 mfeapfk (5cbf9d2fab2abc461b2f67c802f52543) C:\WINDOWS\system32\drivers\mfeapfk.sys
11:58:56.0250 4692 mfeapfk - ok
11:58:56.0265 4692 mfeavfk (10718b3eeb9e98c5b4aad7c0a23a9efa) C:\WINDOWS\system32\drivers\mfeavfk.sys
11:58:56.0312 4692 mfeavfk - ok
11:58:56.0312 4692 mfebopk (e665cff48e376b48d2cc84be1559f131) C:\WINDOWS\system32\drivers\mfebopk.sys
11:58:56.0359 4692 mfebopk - ok
11:58:56.0375 4692 mfehidk (e2f200d38b72e47b88489e2c97dfd6d8) C:\WINDOWS\system32\drivers\mfehidk.sys
11:58:56.0421 4692 mfehidk - ok
11:58:56.0437 4692 mferkdet (ef04236d1a4f9f672b5258de83e2ee35) C:\WINDOWS\system32\drivers\mferkdet.sys
11:58:56.0468 4692 mferkdet - ok
11:58:56.0484 4692 mfetdik (d5a4b1ae4958ccfc66c1d17c1f42ba08) C:\WINDOWS\system32\drivers\mfetdik.sys
11:58:56.0515 4692 mfetdik - ok
11:58:56.0531 4692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:58:56.0546 4692 mnmdd - ok
11:58:56.0546 4692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:58:56.0562 4692 Modem - ok
11:58:56.0578 4692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:58:56.0578 4692 Mouclass - ok
11:58:56.0593 4692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:58:56.0593 4692 mouhid - ok
11:58:56.0609 4692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:58:56.0609 4692 MountMgr - ok
11:58:56.0625 4692 MpFilter (356842aac621ab40f18992c01a590f71) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:58:56.0703 4692 MpFilter - ok
11:58:56.0718 4692 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:58:56.0765 4692 mraid35x - ok
11:58:56.0765 4692 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:58:56.0796 4692 MREMP50 - ok
11:58:56.0812 4692 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:58:56.0843 4692 MRESP50 - ok
11:58:56.0859 4692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:58:56.0859 4692 MRxDAV - ok
11:58:56.0875 4692 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:58:56.0890 4692 MRxSmb - ok
11:58:56.0906 4692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:58:56.0906 4692 Msfs - ok
11:58:56.0921 4692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:58:56.0921 4692 MSKSSRV - ok
11:58:56.0937 4692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:58:56.0937 4692 MSPCLOCK - ok
11:58:56.0953 4692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:58:56.0953 4692 MSPQM - ok
11:58:56.0968 4692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:58:56.0968 4692 mssmbios - ok
11:58:56.0968 4692 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:58:56.0984 4692 MSTEE - ok
11:58:56.0984 4692 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:58:57.0000 4692 Mup - ok
11:58:57.0000 4692 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:58:57.0000 4692 NABTSFEC - ok
11:58:57.0015 4692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:58:57.0015 4692 NDIS - ok
11:58:57.0031 4692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:58:57.0031 4692 NdisIP - ok
11:58:57.0046 4692 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:58:57.0046 4692 NdisTapi - ok
11:58:57.0062 4692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:58:57.0062 4692 Ndisuio - ok
11:58:57.0078 4692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:58:57.0078 4692 NdisWan - ok
11:58:57.0093 4692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:58:57.0125 4692 NDProxy - ok
11:58:57.0140 4692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:58:57.0140 4692 NetBIOS - ok
11:58:57.0156 4692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:58:57.0156 4692 NetBT - ok
11:58:57.0234 4692 NETw5x32 (3bc15801f7b9dd2d16897a38a962ce56) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
11:58:57.0328 4692 NETw5x32 - ok
11:58:57.0343 4692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:58:57.0343 4692 NIC1394 - ok
11:58:57.0359 4692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:58:57.0359 4692 Npfs - ok
11:58:57.0375 4692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:58:57.0375 4692 Ntfs - ok
11:58:57.0390 4692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:58:57.0406 4692 Null - ok
11:58:57.0484 4692 nv (e2c2addbfad11a841212bb6e8be78f30) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:58:57.0546 4692 nv - ok
11:58:57.0562 4692 NVHDA (93187e98df4b8fe95d1c058601764c75) C:\WINDOWS\system32\drivers\nvhda32.sys
11:58:57.0609 4692 NVHDA - ok
11:58:57.0625 4692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:58:57.0625 4692 NwlnkFlt - ok
11:58:57.0640 4692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:58:57.0640 4692 NwlnkFwd - ok
11:58:57.0640 4692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:58:57.0656 4692 ohci1394 - ok
11:58:57.0671 4692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:58:57.0671 4692 Parport - ok
11:58:57.0687 4692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:58:57.0687 4692 PartMgr - ok
11:58:57.0703 4692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:58:57.0703 4692 ParVdm - ok
11:58:57.0703 4692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:58:57.0718 4692 PCI - ok
11:58:57.0718 4692 PCIDump - ok
11:58:57.0734 4692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:58:57.0734 4692 PCIIde - ok
11:58:57.0750 4692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:58:57.0750 4692 Pcmcia - ok
11:58:57.0765 4692 PDCOMP - ok
11:58:57.0781 4692 PDFRAME - ok
11:58:57.0781 4692 PDRELI - ok
11:58:57.0796 4692 PDRFRAME - ok
11:58:57.0812 4692 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:58:57.0843 4692 perc2 - ok
11:58:57.0859 4692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:58:57.0859 4692 perc2hib - ok
11:58:57.0875 4692 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
11:58:57.0921 4692 pmem - ok
11:58:57.0937 4692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:58:57.0937 4692 PptpMiniport - ok
11:58:57.0953 4692 psadd (72de205cd4006dc45b1401859c506679) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:58:57.0984 4692 psadd - ok
11:58:58.0000 4692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:58:58.0000 4692 PSched - ok
11:58:58.0015 4692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:58:58.0015 4692 Ptilink - ok
11:58:58.0031 4692 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:58:58.0031 4692 PxHelp20 - ok
11:58:58.0046 4692 qcfilterlno2k (34a8537519c22ae23e0d2041b47b577d) C:\WINDOWS\system32\DRIVERS\qcfilterlno2k.sys
11:58:58.0078 4692 qcfilterlno2k - ok
11:58:58.0093 4692 qcusbnetlno2k (f57c49c12de5a901b31bbb31a4a2c7fa) C:\WINDOWS\system32\DRIVERS\qcusbnetlno2k.sys
11:58:58.0171 4692 qcusbnetlno2k - ok
11:58:58.0187 4692 qcusbserlno2k (fda379f6c51b8a5dce95d108369ff137) C:\WINDOWS\system32\DRIVERS\qcusbserlno2k.sys
11:58:58.0250 4692 qcusbserlno2k - ok
11:58:58.0375 4692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:58:58.0375 4692 ql1080 - ok
11:58:58.0390 4692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:58:58.0406 4692 Ql10wnt - ok
11:58:58.0406 4692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:58:58.0421 4692 ql12160 - ok
11:58:58.0421 4692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:58:58.0437 4692 ql1240 - ok
11:58:58.0437 4692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:58:58.0453 4692 ql1280 - ok
11:58:58.0468 4692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:58:58.0468 4692 RasAcd - ok
11:58:58.0484 4692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:58:58.0484 4692 Rasl2tp - ok
11:58:58.0500 4692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:58:58.0500 4692 RasPppoe - ok
11:58:58.0515 4692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:58:58.0515 4692 Raspti - ok
11:58:58.0531 4692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:58:58.0531 4692 Rdbss - ok
11:58:58.0531 4692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:58:58.0546 4692 RDPCDD - ok
11:58:58.0562 4692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:58:58.0562 4692 rdpdr - ok
11:58:58.0578 4692 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:58:58.0578 4692 RDPWD - ok
11:58:58.0593 4692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:58:58.0593 4692 redbook - ok
11:58:58.0609 4692 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
11:58:58.0640 4692 regi - ok
11:58:58.0656 4692 rimspci (571e6ae8d33f6aaaf342d0919630f901) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
11:58:58.0734 4692 rimspci - ok
11:58:58.0750 4692 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
11:58:58.0781 4692 RimUsb - ok
11:58:58.0796 4692 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:58:58.0875 4692 RimVSerPort - ok
11:58:58.0890 4692 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:58:58.0890 4692 ROOTMODEM - ok
11:58:58.0906 4692 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:58:58.0953 4692 s24trans - ok
11:58:58.0968 4692 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:58:59.0031 4692 sdbus - ok
11:58:59.0046 4692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:58:59.0046 4692 Secdrv - ok
11:58:59.0062 4692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:58:59.0078 4692 Serenum - ok
11:58:59.0078 4692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:58:59.0093 4692 Serial - ok
11:58:59.0109 4692 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11:58:59.0109 4692 sffdisk - ok
11:58:59.0125 4692 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11:58:59.0125 4692 sffp_sd - ok
11:58:59.0140 4692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:58:59.0140 4692 Sfloppy - ok
11:58:59.0156 4692 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:58:59.0203 4692 Shockprf - ok
11:58:59.0203 4692 Simbad - ok
11:58:59.0218 4692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:58:59.0218 4692 sisagp - ok
11:58:59.0234 4692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:58:59.0234 4692 SLIP - ok
11:58:59.0250 4692 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:58:59.0312 4692 smihlp - ok
11:58:59.0328 4692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:58:59.0343 4692 Sparrow - ok
11:58:59.0343 4692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:58:59.0359 4692 splitter - ok
11:58:59.0375 4692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:58:59.0375 4692 sr - ok
11:58:59.0390 4692 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
11:58:59.0421 4692 Srv - ok
11:58:59.0453 4692 stmtpm (8afa1b80366276f8345a6b61e0df2f3e) C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
11:58:59.0515 4692 stmtpm - ok
11:58:59.0531 4692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:58:59.0531 4692 streamip - ok
11:58:59.0546 4692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:58:59.0562 4692 swenum - ok
11:58:59.0562 4692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:58:59.0562 4692 swmidi - ok
11:58:59.0593 4692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:58:59.0625 4692 symc810 - ok
11:58:59.0640 4692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:58:59.0671 4692 symc8xx - ok
11:58:59.0687 4692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:58:59.0687 4692 sym_hi - ok
11:58:59.0703 4692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:58:59.0750 4692 sym_u3 - ok
11:58:59.0765 4692 SynTP (0953d53a2d272de4c4be1e6c6a2c90d4) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:58:59.0796 4692 SynTP - ok
11:58:59.0812 4692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:58:59.0812 4692 sysaudio - ok
11:58:59.0843 4692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:58:59.0843 4692 Tcpip - ok
11:58:59.0859 4692 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys
11:58:59.0921 4692 TcUsb - ok
11:58:59.0937 4692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:58:59.0937 4692 TDPIPE - ok
11:58:59.0953 4692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:58:59.0953 4692 TDTCP - ok
11:58:59.0968 4692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:58:59.0968 4692 TermDD - ok
11:58:59.0984 4692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:59:00.0000 4692 TosIde - ok
11:59:00.0000 4692 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:59:00.0046 4692 TPDIGIMN - ok
11:59:00.0062 4692 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:59:00.0093 4692 TPHKDRV - ok
11:59:00.0109 4692 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
11:59:00.0156 4692 TPPWRIF - ok
11:59:00.0171 4692 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
11:59:00.0250 4692 TSMAPIP - ok
11:59:00.0281 4692 TVTI2C (3078906e991f29305e8066911153717e) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:59:00.0343 4692 TVTI2C - ok
11:59:00.0359 4692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:59:00.0359 4692 Udfs - ok
11:59:00.0375 4692 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
11:59:00.0421 4692 ULCDRHlp - ok
11:59:00.0437 4692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:59:00.0468 4692 ultra - ok
11:59:00.0484 4692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:59:00.0500 4692 Update - ok
11:59:00.0515 4692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:59:00.0515 4692 usbccgp - ok
11:59:00.0531 4692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:59:00.0531 4692 usbehci - ok
11:59:00.0546 4692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:59:00.0546 4692 usbhub - ok
11:59:00.0562 4692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:59:00.0562 4692 usbscan - ok
11:59:00.0578 4692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:59:00.0578 4692 USBSTOR - ok
11:59:00.0593 4692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:59:00.0593 4692 usbuhci - ok
11:59:00.0609 4692 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:59:00.0609 4692 usbvideo - ok
11:59:00.0625 4692 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
11:59:00.0625 4692 USB_RNDIS - ok
11:59:00.0640 4692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:59:00.0640 4692 VgaSave - ok
11:59:00.0656 4692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:59:00.0656 4692 viaagp - ok
11:59:00.0671 4692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:59:00.0671 4692 ViaIde - ok
11:59:00.0671 4692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:59:00.0687 4692 VolSnap - ok
11:59:00.0703 4692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:59:00.0703 4692 Wanarp - ok
11:59:00.0718 4692 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:59:00.0796 4692 Wdf01000 - ok
11:59:00.0812 4692 WDICA - ok
11:59:00.0828 4692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:59:00.0828 4692 wdmaud - ok
11:59:00.0843 4692 winachsf (e08ca06bd56b66d6565123445adb37a6) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:59:00.0890 4692 winachsf - ok
11:59:00.0921 4692 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:59:00.0921 4692 WmiAcpi - ok
11:59:00.0953 4692 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:59:00.0953 4692 WpdUsb - ok
11:59:00.0968 4692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:59:00.0968 4692 WSTCODEC - ok
11:59:00.0984 4692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:59:00.0984 4692 WudfPf - ok
11:59:01.0000 4692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:59:01.0000 4692 WudfRd - ok
11:59:01.0031 4692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:59:01.0140 4692 \Device\Harddisk0\DR0 - ok
11:59:01.0140 4692 Boot (0x1200) (594be009603b286a0a18385f9613497d) \Device\Harddisk0\DR0\Partition0
11:59:01.0140 4692 \Device\Harddisk0\DR0\Partition0 - ok
11:59:01.0140 4692 ============================================================
11:59:01.0140 4692 Scan finished
11:59:01.0140 4692 ============================================================
11:59:01.0156 0572 Detected object count: 0
11:59:01.0156 0572 Actual detected object count: 0

--------------------------------------------------------------------------------------------------------------------------------------



ComboFix 12-01-21.01 - cdavis 01/21/2012 12:16:23.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3060.2405 [GMT -5:00]
Running from: c:\documents and settings\cdavis\Desktop\virus\ComboFix.exe
AV: Microsoft Forefront Client Security *Disabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\cdavis.MCOP-R8W0L52\WINDOWS
c:\documents and settings\cdavis\WINDOWS
c:\documents and settings\cdpenamon\WINDOWS
c:\documents and settings\CityUser\WINDOWS
c:\documents and settings\clawrence\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\lrodriguez\WINDOWS
c:\documents and settings\sluser\WINDOWS
c:\program files\Internet Explorer\SET53C.tmp
c:\program files\Internet Explorer\SET5B1.tmp
c:\windows\$NtUninstallKB41342$
c:\windows\$NtUninstallKB41342$\1238558892\@
c:\windows\$NtUninstallKB41342$\1238558892\bckfg.tmp
c:\windows\$NtUninstallKB41342$\1238558892\cfg.ini
c:\windows\$NtUninstallKB41342$\1238558892\Desktop.ini
c:\windows\$NtUninstallKB41342$\1238558892\keywords
c:\windows\$NtUninstallKB41342$\1238558892\kwrd.dll
c:\windows\$NtUninstallKB41342$\1238558892\L\aavmayqi
c:\windows\$NtUninstallKB41342$\1238558892\lsflt7.ver
c:\windows\$NtUninstallKB41342$\1238558892\U\00000001.@
c:\windows\$NtUninstallKB41342$\1238558892\U\00000002.@
c:\windows\$NtUninstallKB41342$\1238558892\U\00000004.@
c:\windows\$NtUninstallKB41342$\1238558892\U\80000000.@
c:\windows\$NtUninstallKB41342$\1238558892\U\80000004.@
c:\windows\$NtUninstallKB41342$\1238558892\U\80000032.@
c:\windows\$NtUninstallKB41342$\2715435319
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\SET1FF.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET237.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET260.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D0.tmp
c:\windows\system32\SET3DB.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET424.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET426.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET51A.tmp
c:\windows\system32\SET51B.tmp
c:\windows\system32\SET51C.tmp
c:\windows\system32\SET51D.tmp
c:\windows\system32\SET51E.tmp
c:\windows\system32\SET522.tmp
c:\windows\system32\SET523.tmp
c:\windows\system32\SET524.tmp
c:\windows\system32\SET525.tmp
c:\windows\system32\SET52A.tmp
c:\windows\system32\SET52C.tmp
c:\windows\system32\SET52D.tmp
c:\windows\system32\SET52E.tmp
c:\windows\system32\SET530.tmp
c:\windows\system32\SET531.tmp
c:\windows\system32\SET536.tmp
c:\windows\system32\SET537.tmp
c:\windows\system32\SET538.tmp
c:\windows\system32\SET539.tmp
c:\windows\system32\SET53A.tmp
c:\windows\system32\SET592.tmp
c:\windows\system32\SET593.tmp
c:\windows\system32\SET594.tmp
c:\windows\system32\SET595.tmp
c:\windows\system32\SET596.tmp
c:\windows\system32\SET59A.tmp
c:\windows\system32\SET59B.tmp
c:\windows\system32\SET59C.tmp
c:\windows\system32\SET59D.tmp
c:\windows\system32\SET5A1.tmp
c:\windows\system32\SET5A3.tmp
c:\windows\system32\SET5A4.tmp
c:\windows\system32\SET5A5.tmp
c:\windows\system32\SET5A7.tmp
c:\windows\system32\SET5AC.tmp
c:\windows\system32\SET5AD.tmp
c:\windows\system32\SET5AE.tmp
c:\windows\system32\SET5B0.tmp
c:\windows\system32\SET5C0.tmp
c:\windows\system32\SET5E6.tmp
c:\windows\system32\SET851.tmp
c:\windows\system32\SET853.tmp
c:\windows\system32\SET886.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 17:22 . 2012-01-21 17:22 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F9F73135-D4FE-4500-98B8-9AE14383378D}\offreg.dll
2012-01-21 17:14 . 2012-01-21 17:14 -------- d-sh--w- c:\documents and settings\sluser\IETldCache
2012-01-21 15:14 . 2012-01-21 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2012-01-21 07:19 . 2012-01-21 07:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-20 23:46 . 2012-01-20 23:46 -------- d-----w- c:\documents and settings\cdavis.MCOP-R8W0L52\Application Data\Malwarebytes
2012-01-20 22:25 . 2012-01-20 22:25 -------- d-----w- c:\documents and settings\cdavis\Application Data\Malwarebytes
2012-01-20 22:25 . 2012-01-20 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-20 22:24 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 22:24 . 2012-01-20 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-08 06:00 . 2012-01-20 22:09 -------- d-----w- c:\documents and settings\cdavis\Application Data\U3
2012-01-06 01:15 . 2012-01-06 01:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-21 17:22 . 2011-03-15 16:52 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-21 17:22 . 2010-07-19 22:20 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-21 09:00 . 2011-03-15 16:52 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-01-21 08:59 . 2008-04-14 00:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-21 10:47 . 2011-12-08 11:16 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{F9F73135-D4FE-4500-98B8-9AE14383378D}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-11-28 337256]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-04-21 62312]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
"nwiz"="nwiz.exe" [2009-11-13 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-13 13803520]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-03 513384]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-11-10 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-12 1594664]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-07 273528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-5-28 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-10-07 04:21 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [5/28/2010 1:51 PM 24304]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [5/28/2010 1:33 PM 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 2:10 PM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [11/27/2009 5:14 AM 13480]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [5/28/2010 1:51 PM 132456]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/8/2011 4:06 PM 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [8/31/2010 6:23 PM 69528]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [5/28/2010 3:31 PM 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [11/27/2009 5:14 AM 44984]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [3/25/2010 7:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/9/2011 9:36 PM 70728]
R2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [7/21/2005 10:14 AM 134656]
R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [12/18/2009 8:03 PM 331512]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [5/28/2010 1:19 PM 45056]
R2 SLClient;ScriptLogic Service;c:\windows\system32\slclient.exe [3/21/2011 2:46 PM 564736]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 4:47 PM 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/27/2009 5:14 AM 62904]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [5/28/2010 1:35 PM 2320920]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [5/28/2010 3:33 PM 127232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [5/28/2010 1:19 PM 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [5/28/2010 1:36 PM 125696]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [5/28/2010 1:19 PM 81280]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/28/2010 1:36 PM 57320]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [5/28/2010 1:36 PM 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [5/28/2010 1:36 PM 116224]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [5/28/2010 3:36 PM 106368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [10/8/2009 9:52 PM 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [3/30/2011 10:19 PM 22136]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/21/2012 2:19 AM 40776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/9/2011 9:36 PM 66600]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/21/2008 5:50 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 21:06]
.
2012-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 21:06]
.
2012-01-21 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 21:06]
.
2012-01-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-05-28 08:20]
.
2012-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1998280219-2088136258-456279356-14498.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-01-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1998280219-2088136258-456279356-14498.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
.
------- Supplementary Scan -------
.
uStart Page = www.atlantaga.gov
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://atlopen.atlantaga.gov/CACHE/webvpn/stc/1/binaries/stcweb.cab
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} - hxxp://ditcats.atlanta.local/jinitiator/oajinit.exe
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-dplaysvr - c:\documents and settings\cdavis\Application Data\dplaysvr.exe
Notify-ACNotify - ACNotify.dll
SafeBoot-87301900.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 12:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\vrlogon.dll
c:\windows\system32\tvt_gina.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\program files\Lenovo\HOTKEY\tpwrpc.dll
c:\program files\ThinkPad\ConnectUtilities\Res\US\ACGinaRes.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(1340)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(4924)
c:\windows\system32\nview.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Cisco Systems\SSL VPN Client\agent.exe
c:\windows\System32\SCardSvr.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\rpcnet.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
.
**************************************************************************
.
Completion time: 2012-01-21 12:26:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 17:26
.
Pre-Run: 104,597,725,184 bytes free
Post-Run: 105,067,958,272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E01811ADF0F4461318A28F41DAAFF63B

#4 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 21 January 2012 - 01:00 PM

Hi Fireman- just wanted to let you know that I rebooted again and did not get any error messages.

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 21 January 2012 - 01:26 PM

Hello,

Looks like combofix did its job. Sometimes we will get errors when dealing with this type of infection until we reboot a couple of times. Let's run a couple other scanners to make sure nothing is left over.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

3.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Things to include in your next reply::
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 21 January 2012 - 08:09 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cdavis :: MCOP-R8W0L52 [administrator]

1/21/2012 1:33:47 PM
mbam-log-2012-01-21 (13-33-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340144
Time elapsed: 19 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


------------------------------------------------------------------------------------------------------------------------------------------------


Eset found no threats. Computer is running good. Thanks for your time and assistance.

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 21 January 2012 - 10:45 PM

Hello, cher d.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



One of the most common questions found when cleaning malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and Bitorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your http://en.wikipedia.org/wiki/Taskbar#Screenshots '>Taskbar, right click and chose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 22 January 2012 - 12:59 PM

Thank you so much! The computer is running good. How do I uninstall the programs we used to remove the infections?

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 22 January 2012 - 01:30 PM

Which programs are you referring to? OTC cleans many of the programs up.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 22 January 2012 - 06:37 PM

I was not able to run OTC. I did not get the icon when I downloaded it. Is there another link that I can try to download it? Thanks.

Edited by cher d, 22 January 2012 - 06:46 PM.


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 22 January 2012 - 06:58 PM

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 22 January 2012 - 08:31 PM

I get an Error Copying File Message- Cannot copy OTC. Access Denied. Make sure the disk is not full or write protected and that the fil is not currently in use.

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 22 January 2012 - 09:26 PM

Hello,

Try this link: It is OTL but same thing applies. Reboot your machine before downloading it. Make sure you download it directly to your desktop. Also try disabling your antivirus first before downloading it.

OTL

Edited by fireman4it, 22 January 2012 - 09:27 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 22 January 2012 - 09:47 PM

It worked. Thanks.

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:49 PM

Posted 22 January 2012 - 10:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users