Everything posted by jmillerofthewood

  1. Ok, I have a Dell Inspiron 6400 laptop running XP SP2. After auto-downloading SP3, the laptop would not boot in any mode. I reinstalled SP2 and began to notice a lot of redirects from browser searches. I have run Mbam, Hijack This, DDS, GMER, Super Anti Spyware & Tdss Killer. Some things have been detected & 'corrected', but the tdss still appears in subsequent tdsskiller scans (tdss.tdl4 (Hard Drive0/MBR)). Below is a DDS and GMER log. I have logs from Mbam, Hijack This & Tdss Killer if needed as well. I would appreciate any help. I have two other computers showing signs of similar infection, but will tackle this one first. Thank you very much.
C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01360F8D .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01360FD4 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01360FEF .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0136004A .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01360FA8 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0136000A .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01360FB9 .text C:\WINDOWS\system32\services.exe[788] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00D20FEF .text C:\WINDOWS\system32\services.exe[788] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00D2000A .text C:\WINDOWS\system32\services.exe[788] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00D20FD4 .text C:\WINDOWS\system32\services.exe[788] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00D20FB9 .text C:\WINDOWS\system32\services.exe[788] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D00000 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FE000A .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FE0F52 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FE0F6D .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FE0047 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FE0036 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FE0025 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FE0076 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FE0F24 .text 
C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FE0EF8 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FE0091 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FE00AC .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FE0F94 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FE0FEF .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FE0F41 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FE0FC3 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FE0FD4 .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FE0F09 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D30FD4 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D30F79 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D30025 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D30FE5 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D30F94 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D30FA5 .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D3000A .text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D30036 .text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D20027 .text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D20FA6 .text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D20FC1 .text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_open 77C2F566 5 
Bytes JMP 00D20FEF .text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D20016 .text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D20FDE .text C:\WINDOWS\system32\lsass.exe[808] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D00FEF .text C:\WINDOWS\system32\lsass.exe[808] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00D10FEF .text C:\WINDOWS\system32\lsass.exe[808] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00D10FD4 .text C:\WINDOWS\system32\lsass.exe[808] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00D1000A .text C:\WINDOWS\system32\lsass.exe[808] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00D10FAF .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 024A0FEF .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 024A004A .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 024A0F4B .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 024A002F .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 024A0F72 .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 024A0F9E .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 024A005B .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 024A0F13 .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 024A0076 .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 024A0EDD .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 024A0EC2 .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 024A0F8D .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 
024A0FDE .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 024A0F3A .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 024A0014 .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 024A0FC3 .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 024A0EF8 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02480FCA .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0248006C .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02480025 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02480FEF .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 02480051 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 02480040 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0248000A .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02480FB9 .text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02470FAD .text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 02470038 .text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02470FD9 .text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0247000C .text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02470FC8 .text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0247001D .text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 02460FEF .text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 0246000A .text 
C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 02460FD4 .text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 0246001B .text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02450FEF .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB0FEF .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EB0080 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EB005B .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EB004A .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EB0F8D .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EB0FAF .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EB0F53 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EB009B .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EB00E2 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EB00D1 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00EB0F24 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00EB0F9E .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00EB000A .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00EB0F70 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00EB001B .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00EB0FD4 .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!WinExec 7C86114D 5 Bytes 
JMP 00EB00C0 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00EA0011 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00EA0065 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00EA0FCA .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00EA0000 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00EA0F9E .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00EA0040 .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00EA0FEF .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00EA0FAF .text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E9002F .text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E90FA4 .text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E90FC6 .text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E90FE3 .text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E90FB5 .text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E90000 .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00E80FEF .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00E80FD4 .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00E8000A .text C:\WINDOWS\system32\svchost.exe[1120] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00E80FC3 .text C:\WINDOWS\system32\svchost.exe[1120] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E7000A .text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00A8000A .text 
C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00A9000A .text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00A7000C .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03A20FE5 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03A20053 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03A20038 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03A20F5E .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03A20F79 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03A20FA5 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03A20089 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 03A20F43 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03A20F0B .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03A20F1C .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 03A20EF0 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 03A20F8A .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 03A20FCA .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 03A2006E .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 03A20011 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 03A20000 .text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 03A2009A .text C:\WINDOWS\System32\svchost.exe[1164] 
ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 03A10011 .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 03A10062 .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 03A10FCA .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 03A10FE5 .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 03A10047 .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 03A10036 .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 03A10000 .text C:\WINDOWS\System32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 03A10FA5 .text C:\WINDOWS\System32\svchost.exe[1164] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 015F000A .text C:\WINDOWS\System32\svchost.exe[1164] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 014B000A .text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03A00053 .text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 03A00042 .text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03A00FC8 .text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03A00000 .text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03A0001D .text C:\WINDOWS\System32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03A00FE3 .text C:\WINDOWS\System32\svchost.exe[1164] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 039F000A .text C:\WINDOWS\System32\svchost.exe[1164] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 039F0025 .text C:\WINDOWS\System32\svchost.exe[1164] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 039F0036 .text C:\WINDOWS\System32\svchost.exe[1164] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 039F0047 .text C:\WINDOWS\System32\svchost.exe[1164] WS2_32.dll!socket 71AB3B91 5 
Bytes JMP 039E0FEF .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A6000A .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A60FAF .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A600A4 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60FC0 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60073 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A60051 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A600ED .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A600DC .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60F6F .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F8A .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A60F54 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A60062 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A60025 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A600B5 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A60040 .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A60FEF .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A60108 .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A50FB9 .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A50F7C .text C:\WINDOWS\system32\svchost.exe[1228] 
ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A50FD4 .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A50000 .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A50039 .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A50F97 .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A50FEF .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A50FA8 .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A40038 .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A40FA3 .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A40FD9 .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A4000C .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A40FC8 .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A4001D .text C:\WINDOWS\system32\svchost.exe[1228] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00A30FEF .text C:\WINDOWS\system32\svchost.exe[1228] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00A30FD4 .text C:\WINDOWS\system32\svchost.exe[1228] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00A3000A .text C:\WINDOWS\system32\svchost.exe[1228] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00A30025 .text C:\WINDOWS\system32\svchost.exe[1228] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A20FE5 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E70FEF .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E70F64 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E70F75 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 5 
Bytes JMP 00E70F86 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E70039 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E70FA8 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E70F49 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E7008F .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E700B6 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E70F1D .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00E70F02 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00E70F97 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E70FD4 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00E70074 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00E70FC3 .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00E7000A .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00E70F38 .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00E60025 .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00E60FA1 .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00E60FDE .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00E60FEF .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00E60FB2 .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00E60054 .text C:\WINDOWS\system32\svchost.exe[1344] 
ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00E60000 .text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00E60FC3 .text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E50047 .text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E50FB2 .text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E50022 .text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E50FEF .text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E50FCD .text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E50FDE .text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00E40FEF .text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00E40FD4 .text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00E40014 .text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00E40FC3 .text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CA0FEF .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A2000A .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A20098 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A2007D .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20062 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20051 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A20FB9 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A20F6D .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!GetStartupInfoA 
7C801EEE 5 Bytes JMP 00A200B5 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A200F5 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A200DA .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A20F41 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A20040 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A20FEF .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A20F88 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A20025 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A20FD4 .text C:\WINDOWS\system32\svchost.exe[2052] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A20F5C .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A10036 .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A10FB9 .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A10025 .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FE5 .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A10076 .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10FCA .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A1000A .text C:\WINDOWS\system32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10047 .text C:\WINDOWS\system32\svchost.exe[2052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00FB7 .text C:\WINDOWS\system32\svchost.exe[2052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00038 .text C:\WINDOWS\system32\svchost.exe[2052] msvcrt.dll!_creat 
77C2D40F 5 Bytes JMP 00A0000C
.text C:\WINDOWS\system32\svchost.exe[2052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[2052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A0001D
.text C:\WINDOWS\system32\svchost.exe[2052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\svchost.exe[2052] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[2052] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[2052] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[2052] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 009F0025
.text C:\WINDOWS\Explorer.EXE[2144] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 01C3000A
.text C:\WINDOWS\Explorer.EXE[2144] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 01C4000A
.text C:\WINDOWS\Explorer.EXE[2144] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0157000C
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01E30000
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01E30090
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01E30F9B
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01E30FB6
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01E30073
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01E30051
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01E300D2
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01E300B7
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01E300E3
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01E30F54
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01E30F25
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01E30062
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01E3001B
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01E30F8A
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01E30036
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01E30FE5
.text C:\WINDOWS\Explorer.EXE[2144] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 01E30F6F
.text C:\WINDOWS\Explorer.EXE[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01E10053
.text C:\WINDOWS\Explorer.EXE[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 01E10042
.text C:\WINDOWS\Explorer.EXE[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01E10FD2
.text C:\WINDOWS\Explorer.EXE[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01E10FEF
.text C:\WINDOWS\Explorer.EXE[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01E10031
.text C:\WINDOWS\Explorer.EXE[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01E10000
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01E2001E
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01E2004A
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01E20FC3
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01E20FD4
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01E20F8D
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01E2002F
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01E20FEF
.text C:\WINDOWS\Explorer.EXE[2144] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01E20FA8
.text C:\WINDOWS\Explorer.EXE[2144] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01E00000
.text C:\WINDOWS\Explorer.EXE[2144] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01E0001B
.text C:\WINDOWS\Explorer.EXE[2144] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01E00036
.text C:\WINDOWS\Explorer.EXE[2144] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01E00047
.text C:\WINDOWS\Explorer.EXE[2144] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01DF0FE5
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[5704] MSVCRT.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----