
I keep getting a trojan when running a scan: win32.tdss.reg

Is this a problem? Thank you for any help

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:06:48 AM, on 7/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: (no name) - {431E585F-0074-4A8C-B667-3F0196E093A3} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 11330 bytes

Malwarebytes' Anti-Malware 1.38

Database version: 2371

Windows 5.1.2600 Service Pack 3

7/4/2009 3:48:23 AM

mbam-log-2009-07-04 (03-48-23).txt

Scan type: Full Scan (C:\|)

Objects scanned: 178500

Time elapsed: 55 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Welcome to Malwarebytes !!! :unsure:

Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | Run | type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.
  • Re-enable all active protection.


GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-05 18:07:12

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA7039AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA703A41]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA703958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA70396C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA703A55]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA703A81]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA703AEF]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA703AD9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA7039EA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA703B1B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA703A2D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA703930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA703944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA7039BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA703B57]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA703AC3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA703AAD]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA703A6B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA703B43]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA703B2F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA703996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA703982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA703A97]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA703A19]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA703B05]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA703A00]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA7039D4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP AA7039D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP AA7039AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP AA7039EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP AA703A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP AA7039C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP AA703934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP AA703948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP AA703986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP AA703970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP AA70395C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP AA70399A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP AA703A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP AA703AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP AA703A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP AA703B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP AA703AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP AA703A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP AA703A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP AA703A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP AA703A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP AA703AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP AA703ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP AA703A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP AA703B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP AA703B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP AA703B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP AA703B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02790FEF

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0279008F

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02790074

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 0279004D

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [85]

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02790F90

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02790FB2

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027900B6

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02790F6E

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027900EC

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02790F53

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02790F38

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02790FA1

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0279000A

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02790F7F

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02790FC3

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02790FD4

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027900D1

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02780FCA

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 02780FAF

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 02780011

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 02780FE5

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02780062

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02780000

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 5 Bytes JMP 02780051

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02780036

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 02770F89

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 02770FA4

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 02770FC6

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 02770FEF

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 02770FB5

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 02770000

.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[760] WS2_32.dll!socket 01EC4211 5 Bytes JMP 02760FEF

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[832] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00050FEF

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00050F5E

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00050F79

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00050053

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00050036

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00050F9E

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00050F2B

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00050F3C

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000500A9

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0005008E

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000500C4

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00050025

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0005000A

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00050F4D

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00050FB9

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00050FD4

.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00050F1A

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0004002C

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00040069

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00040011

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00040FDB

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00040FAC

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00040000

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0004004E

.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0004003D

.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FAF

.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FD4

.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070FEF

.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000

.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070044

.text C:\WINDOWS\system32\services.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070029

.text C:\WINDOWS\system32\services.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60000

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F600AE

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60FB9

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60093

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FCA

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60FEF

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F60F8D

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F600D3

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600FA

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F60F61

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F3C

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60076

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F6001B

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60FA8

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F6005B

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60040

.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F60F7C

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F5002F

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F5004A

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F5001E

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50FDE

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F8D

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50FEF

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F50FA8

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [15, 89]

.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50FB9

.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F80FAF

.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F80FCA

.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F80FE5

.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F8000C

.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F8003A

.text C:\WINDOWS\system32\lsass.exe[936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F8001D

.text C:\WINDOWS\system32\lsass.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70000

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30FEF

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D3007D

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D3006C

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D3005B

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D3004A

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D30FB2

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D300C6

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D300A9

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F48

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D300E1

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D300FC

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30039

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D30014

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D3008E

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D30FCD

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D30FDE

.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D30F63

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D20FB9

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D20F72

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D20014

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20FD4

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D2002F

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D20FEF

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D20F97

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F2, 88]

.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D20FA8

.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02460FC6

.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 02460047

.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0246001B

.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02460000

.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0246002C

.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02460FE3

.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02450FEF

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0FE5

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0FC0

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD00B5

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD009A

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD007D

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0047

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F79

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F8A

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD00E6

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F4D

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD00F7

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0062

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD000A

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0F9B

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD002C

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD001B

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD0F5E

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC0FB9

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC0039

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC000A

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC0FCA

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0F7C

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC0FE5

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CC0F8D

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 88]

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC0F9E

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0FBE

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0049

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF001D

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0000

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF002E

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF0FE3

.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0000

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E30FE5

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E3006C

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E3005B

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E30040

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E30F8D

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E30FAF

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E30F3F

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E30F5C

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E30EF8

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E30F09

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E30EE7

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E30F9E

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E30FCA

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E30087

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E3001B

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E30000

.text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E30F24

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02E20FDE

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02E20F83

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02E20FEF

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02E2001B

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02E20FA8

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02E20000

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02E2004A

.text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02E20FC3

.text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 029A0FB9

.text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!system 77C293C7 5 Bytes JMP 029A0FCA

.text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 029A0033

.text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 029A0FEF

.text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 029A0044

.text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 029A000C

.text C:\WINDOWS\System32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02990FEF

.text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 02980000

.text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenW 3D95DB39 5 Bytes JMP 02980FDB

.text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 02980FC0

.text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 3D9A6DD7 5 Bytes JMP 02980011

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018F000A

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 018F0F94

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 018F007F

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 018F006E

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 018F0FA5

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 018F0036

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018F00B5

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 018F0F6D

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018F0F30

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018F0F41

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018F0F1F

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 018F0047

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 018F001B

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 018F00A4

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 018F0FCA

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 018F0FE5

.text C:\WINDOWS\Explorer.EXE[1520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 018F0F5C

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 017E0FCA

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 017E0F94

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 017E0FE5

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 017E001B

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 017E0051

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 017E000A

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 017E0036

.text C:\WINDOWS\Explorer.EXE[1520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 017E0FB9

.text C:\WINDOWS\Explorer.EXE[1520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 018E0044

.text C:\WINDOWS\Explorer.EXE[1520] msvcrt.dll!system 77C293C7 5 Bytes JMP 018E0FB9

.text C:\WINDOWS\Explorer.EXE[1520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 018E0018

.text C:\WINDOWS\Explorer.EXE[1520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 018E0FEF

.text C:\WINDOWS\Explorer.EXE[1520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 018E0029

.text C:\WINDOWS\Explorer.EXE[1520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 018E0FDE

.text C:\WINDOWS\Explorer.EXE[1520] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 018D0000

.text C:\WINDOWS\Explorer.EXE[1520] WININET.dll!InternetOpenW 3D95DB39 5 Bytes JMP 018D0011

.text C:\WINDOWS\Explorer.EXE[1520] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 018D0036

.text C:\WINDOWS\Explorer.EXE[1520] WININET.dll!InternetOpenUrlW 3D9A6DD7 1 Byte [E9]

.text C:\WINDOWS\Explorer.EXE[1520] WININET.dll!InternetOpenUrlW 3D9A6DD7 5 Bytes JMP 018D0FDB

.text C:\WINDOWS\Explorer.EXE[1520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01E10000

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C500AE

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C50093

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50FB9

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50076

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50036

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50F9E

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C500DA

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F72

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50F8D

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C50126

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C50051

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50011

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C500C9

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C50FCA

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50FDB

.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C50101

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40011

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40F83

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C40FCA

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C40FE5

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C40F9E

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C40000

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C40036

.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C40FAF

.text C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30FB0

.text C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FC1

.text C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30FD2

.text C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF

.text C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30027

.text C:\WINDOWS\system32\svchost.exe[1648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C30000

.text C:\WINDOWS\system32\svchost.exe[1648] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20000

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007F0000

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007F0FC0

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007F00AB

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007F0FD1

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007F008E

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007F006C

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007F0F83

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007F0F94

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007F0F4D

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007F0F68

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007F0101

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007F007D

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007F001B

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007F0FAF

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007F0051

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007F0036

.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007F00E6

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007E0FD4

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007E0062

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007E0FE5

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007E0025

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007E0051

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007E000A

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007E0FAF

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9E, 88]

.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007E0036

.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007D0F77

.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!system 77C293C7 5 Bytes JMP 007D0F9C

.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007D000C

.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007D0FEF

.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007D0FB7

.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007D0FDE

.text C:\WINDOWS\system32\svchost.exe[1696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780000

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00000

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F72

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F83

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00F9E

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00FAF

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FCA

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A000A9

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F61

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00F2B

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A000C4

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000DF

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00051

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00011

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00082

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00FDB

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A0002C

.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F46

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FB2

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F005B

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FC3

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FD4

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0040

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FE5

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009F002F

.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F001E

.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E004C

.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FC1

.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0027

.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E000C

.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FD2

.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FEF

.text C:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FEF

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F4B

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F5C

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F79

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F8A

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FCA

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF007D

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF006C

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0EE4

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0EF5

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0098

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0FAF

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FE5

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF005B

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0036

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF001B

.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F1A

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930036

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093006C

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FE5

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930011

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930FA5

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930051

.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FCA

.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092003B

.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB0

.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC1

.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF

.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920020

.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2

.text C:\WINDOWS\system32\svchost.exe[2032] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 00900FEF

.text C:\WINDOWS\system32\svchost.exe[2032] WININET.dll!InternetOpenW 3D95DB39 5 Bytes JMP 00900FDE

.text C:\WINDOWS\system32\svchost.exe[2032] WININET.dll!InternetOpenUrlA 3D95F3D4 5 Bytes JMP 00900FC3

.text C:\WINDOWS\system32\svchost.exe[2032] WININET.dll!InternetOpenUrlW 3D9A6DD7 5 Bytes JMP 00900014

.text C:\WINDOWS\system32\svchost.exe[2032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E0000A

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E0007D

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E0006C

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E00F9E

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E0005B

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00FCA

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E000C6

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E000A9

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E00F48

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E00F63

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E000FC

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E00FB9

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E00FEF

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E0008E

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E00036

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E00025

.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E000E1

.text C:\WINDOWS\system32\dllhost.exe[4016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0FA1

.text C:\WINDOWS\system32\dllhost.exe[4016] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0FBC

.text C:\WINDOWS\system32\dllhost.exe[4016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE001B

.text C:\WINDOWS\system32\dllhost.exe[4016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0000

.text C:\WINDOWS\system32\dllhost.exe[4016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE002C

.text C:\WINDOWS\system32\dllhost.exe[4016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FE3

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF003D

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF0073

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF002C

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF001B

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DF0FB6

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DF0000

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DF0058

.text C:\WINDOWS\system32\dllhost.exe[4016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DF0FD1

.text C:\WINDOWS\system32\dllhost.exe[4016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service system32\drivers\kungsfjsklyrqq.sys (*** hidden *** ) [SYSTEM] kungsfbpjnboye <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye@imagepath \systemroot\system32\drivers\kungsfjsklyrqq.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main@aid 10002

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main@sid 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main@cmddelay 7200

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main\injector@* kungsfwsp.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\modules@kungsfrk.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\modules@kungsfcmd.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\modules@kungsflog.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\modules@kungsfwsp.dll \systemroot\system32\kungsftstpjaaq.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfbpjnboye\modules@kungsf.dat

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye@imagepath \systemroot\system32\drivers\kungsfjsklyrqq.sys

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main@aid 10002

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main@sid 0

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main@cmddelay 7200

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main\delete

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main\injector

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main\injector@* kungsfwsp.dll

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\main\tasks

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\modules

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\modules@kungsfrk.sys

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\modules@kungsfcmd.dll

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\modules@kungsflog.dat

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\modules@kungsfwsp.dll \systemroot\system32\kungsftstpjaaq.dll

Reg HKLM\SYSTEM\ControlSet003\Services\kungsfbpjnboye\modules@kungsf.dat

---- EOF - GMER 1.0.15 ----


The download link did not work, so I went to gmer.net and downloaded what I think is the correct application. After I ran "net stop gmer" I got "System error 1060 has occurred"... "The specified service does not exist as an installed device".


Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


ComboFix 09-07-05.01 - Jim 07/05/2009 22:25.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.587 [GMT -4:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Mozilla Firefox\searchplugins\search.xml

c:\recycler\S-1-5-21-1212047261-4263402391-1496300629-500

c:\recycler\S-1-5-21-299502267-1004336348-839522115-500

c:\temp\DIV55

c:\temp\DIV55\xDb.log

c:\windows\Installer\WinRMSrv.msi

c:\windows\setup.exe

c:\windows\system32\404Fix.exe

c:\windows\system32\bin

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\ki3

c:\windows\system32\kungsffnxdlxyi.dat

c:\windows\system32\o4Patch.exe

c:\windows\system32\ripojopo.dll

c:\windows\system32\rukohayo.dll

c:\windows\system32\SrchSTS.exe

c:\windows\system32\UACnbdjfsiftfgthua.db

c:\windows\system32\uactmp.db

c:\windows\system32\uv9

c:\windows\system32\VACFix.exe

c:\windows\system32\VC

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_kungsfbpjnboye

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))

.

2009-07-04 07:52 . 2009-07-04 08:42 117760 ----a-w- c:\documents and settings\Jim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-07-04 07:51 . 2009-07-04 07:51 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-07-04 07:51 . 2009-07-04 07:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-06-12 20:51 . 2009-06-12 20:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-11 04:54 . 2009-06-11 04:54 1878984 ----a-w- c:\documents and settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-06-09 20:20 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-09 20:20 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-06 02:19 . 2006-12-11 06:33 -------- d-----w- c:\program files\mIRC

2009-07-05 11:34 . 2007-03-20 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-04 07:51 . 2008-12-02 22:35 -------- d-----w- c:\documents and settings\Jim\Application Data\SUPERAntiSpyware.com

2009-06-18 06:42 . 2009-03-20 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-18 06:42 . 2009-03-28 11:21 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-17 15:27 . 2009-03-20 22:32 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 15:27 . 2009-03-20 22:32 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-14 00:44 . 2008-01-11 19:07 -------- d-----w- c:\program files\DivX

2009-06-09 20:29 . 2006-09-15 18:39 -------- d-----w- c:\program files\Microsoft Works

2009-06-04 06:39 . 2006-09-01 23:52 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-04 05:04 . 2008-10-26 13:42 -------- d-----w- c:\program files\Google

2009-05-20 09:43 . 2009-05-20 09:43 -------- d-----w- c:\program files\CCleaner

2009-05-13 05:15 . 2006-09-01 21:55 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:32 . 2006-09-01 21:55 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-17 12:26 . 2006-09-01 21:55 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:51 . 2006-09-01 21:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-11 185896]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 5:56 PM 226304]

S1 dmioo;dmioo;c:\windows\system32\drivers\dmioo.sys --> c:\windows\system32\drivers\dmioo.sys [?]

S1 mspclockk;mspclockk;c:\windows\system32\drivers\mspclockk.sys --> c:\windows\system32\drivers\mspclockk.sys [?]

S1 wpdusbb;wpdusbb;c:\windows\system32\drivers\wpdusbb.sys --> c:\windows\system32\drivers\wpdusbb.sys [?]

S3 P215XXPMS;P215XXP Mass Storage Driver;c:\windows\system32\drivers\p215xfxp.sys [12/26/2006 9:32 PM 5401]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999093525-3925231197-2970045371-1005Core.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 20:14]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999093525-3925231197-2970045371-1005UA.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 20:14]

2009-06-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-10-08 17:32]

2009-07-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-10-08 17:32]

.

- - - - ORPHANS REMOVED - - - -

BHO-{431E585F-0074-4A8C-B667-3F0196E093A3} - (no file)

HKCU-Run-Aim6 - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.espn.com/

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

IE: Crawler Search

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\97qa7y23.default\

FF - prefs.js: browser.startup.homepage - www.espn.com

FF - plugin: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\97qa7y23.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000004.dll

FF - plugin: c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: Sotfone Tracker: No Registry Reference - c:\program files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-05 22:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(1272)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\program files\SUPERAntiSpyware\SASSEH.DLL

c:\progra~1\SPYBOT~1\SDHelper.dll

c:\program files\McAfee\VirusScan\scriptsn.dll

c:\windows\system32\VBScript.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\program files\Apoint\ApntEx.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\ehome\ehmsas.exe

c:\progra~1\McAfee\MSC\mcuimgr.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\program files\McAfee\MPF\MpfSrv.exe

.

**************************************************************************

.

Completion time: 2009-07-06 22:36 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-06 02:36

Pre-Run: 6,601,891,840 bytes free

Post-Run: 6,554,775,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

242 --- E O F --- 2009-06-23 19:19


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:38:36 PM, on 7/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\WINDOWS\explorer.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: (no name) - {431E585F-0074-4A8C-B667-3F0196E093A3} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--

End of file - 10943 bytes


Everything appears to be okay now. Thanks for your help! I really appreciate it.

Malwarebytes' Anti-Malware 1.38

Database version: 2378

Windows 5.1.2600 Service Pack 3

7/5/2009 10:53:20 PM

mbam-log-2009-07-05 (22-53-20).txt

Scan type: Quick Scan

Objects scanned: 97283

Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Do you have a Windows XP disc? I ask because there is one more step I would like to do to be sure the MBR rootkit is gone. We can't be 100% sure it's gone unless we run fixmbr from the Windows Recovery Console.

Please let me know.

I don't think my laptop came with an XP disc. I don't know if this helps, but when I installed ComboFix or GMER, I believe it installed the Windows Recovery Console for me.


Open HijackThis.

Click on Misc Tools.

Click on Uninstall Manager, run it and save the log. Post the log in your next reply.

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

  5) Restart your computer.

You can fix these in HijackThis, then reboot your computer:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: (no name) - {431E585F-0074-4A8C-B667-3F0196E093A3} - (no file)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

Reboot your machine and let me know if it's any faster at boot-up.


Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0.7

AIM 6

Apple Software Update

CCleaner (remove only)

Click to DVD 2.0.03 Menu Data

Click to DVD 2.5.30

Click to DVD Tutorial

dBpowerAMP Music Converter

DirectVobSub (remove only)

DVgate Plus

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

ImageStation

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterVideo WinDVD for VAIO

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 7

J2SE Runtime Environment 5.0 Update 9

Java 6 Update 11

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

LAN Setting Utility

LiveUpdate 2.7 (Symantec Corporation)

Macromedia Flash Player 8

Macromedia Flash Player 8 Plugin

Malwarebytes' Anti-Malware

McAfee SecurityCenter

mCore

mDriver

Memory Stick Formatter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft Data Access Components KB870669

Microsoft Digital Image Starter Edition 2006

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Standard

Microsoft Silverlight

Microsoft SQL Server Desktop Engine (VAIO_VEDB)

Microsoft Works

Mirar

mIRC

mMHouse

Mozilla Firefox (3.0.11)

mPfMgr

mProSafe

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

mWlsSafe

mXML

Nero 6 Ultra Edition

Office 2003 Trial Assistant

OpenMG AAC Add-on Module 1.0.00

OpenMG Limited Patch 4.5-06-05-12-01

OpenMG Metadata Extractor for Windows Media Player

OpenMG Secure Module 4.5.01

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Roxio DigitalMedia Audio

Roxio DigitalMedia Copy

Roxio DigitalMedia Data

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Setting Utility Series

Soft Data Fax Modem with SmartCP

Sonic Encoders

SonicStage 4.0

Sony Certificate PCH

Sony MP4 Shared Library

Sony Utilities DLL

Sony Video Shared Library

Spybot - Search & Destroy

Spybot - Search & Destroy 1.4

Symantec KB-DocID:2003093015493306

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update Rollup 2 for Windows XP Media Center Edition 2005

VAIO Backup Utility

VAIO Breeze Wallpaper

VAIO Central

VAIO Entertainment Platform

VAIO Event Service

VAIO Hardware Diagnostics

VAIO Light Flo Wallpaper

VAIO Media 5.0

VAIO Media AC3 Decoder 1.0

VAIO Media Integrated Server 5.0

VAIO Media Redistribution 5.0

VAIO Media Registration Tool 5.0

VAIO Media Tutorial

VAIO Original Screen Saver

VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents

VAIO Power Management

VAIO Registration

VAIO Security Center

VAIO Support Central

VAIO Update 2

VAIO Wireless LAN Setup Utility

VAIOSurveySA

Verizon Online DSL

VideoLAN VLC media player 0.8.6

Winamp

Windows Internet Explorer 8

Windows Media Connect

Windows Media Connect

Windows Media Format Runtime

Windows Media Player 10 Hotfix [see KB886612 for more information]

Windows Media Player Firefox Plugin

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB915381

Windows XP Service Pack 3

WinRAR archiver

Wireless Switch Setting Utility


Please go here to install the latest version of Flash Player and Acrobat Reader.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u14.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
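
As an added example that is not part of this thread: the helper's rule above (every JRE older than the 6u14 download must be removed) applied to the Add/Remove Programs names from the uninstall-manager log, in Python. SAMPLE_PROGRAMS is a constructed subset of that log, and the "Java(TM) 6 Update 14" entry is a constructed stand-in for what the new install would look like once it is present.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of the Add/Remove Programs list posted above,
# plus one constructed entry standing in for the freshly installed JRE 6u14.
SAMPLE_PROGRAMS = [
    "Adobe Reader 7.0.7",
    "J2SE Runtime Environment 5.0 Update 11",
    "J2SE Runtime Environment 5.0 Update 7",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java 6 Update 11",
    "Java 6 Update 2",
    "Java SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 14",  # constructed: the version the helper asked for
    "Mozilla Firefox (3.0.11)",
]

# The version the helper asked for: JRE 6 Update 14, written as (major, update).
TARGET = (6, 14)

# Sun's Add/Remove names are inconsistent across releases: "J2SE Runtime
# Environment 5.0 Update 11", "Java SE Runtime Environment 6 Update 1",
# "Java 6 Update 11" and "Java(TM) 6 Update 14" all denote a JRE.
_JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java SE Runtime Environment|Java(?:\(TM\))?)\s+"
    r"(\d+)(?:\.(\d+))?\s+Update\s+(\d+)$"
)


def parse_java_version(name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a JRE entry, or None if the name is not a JRE.

    The minor digit after the major ("5.0") carries no version information for
    this comparison, so only major and update number are kept.
    """
    m = _JAVA_RE.match(name.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(3)))


def stale_java_entries(programs: List[str], target: Tuple[int, int] = TARGET) -> List[str]:
    """Names the helper's instructions say to remove: every JRE older than target.

    Order is preserved so the result can be walked through Add/Remove Programs
    top to bottom, one uninstall per entry.
    """
    stale = []
    for name in programs:
        version = parse_java_version(name)
        if version is not None and version < target:
            stale.append(name)
    return stale


def has_current_java(programs: List[str], target: Tuple[int, int] = TARGET) -> bool:
    """True when at least one JRE at or above target is installed.

    Checked after the stale entries are gone: if this is False, the offline
    installer still has to be run.
    """
    return any(
        (v := parse_java_version(name)) is not None and v >= target
        for name in programs
    )
```

Running `stale_java_entries(SAMPLE_PROGRAMS)` returns the six old runtimes from the log in their listed order and leaves the 6u14 entry alone.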

Startup is definitely a lot faster now. I was unable to remove Mirar... The Mirar toolbar screen comes up and asks you if you want to uninstall, but nothing happens when you choose to uninstall.

Type: Local Disk

File system: NTFS

Used space 62.5 GB

Free space 6.54 GB

Capacity 69 GB

Drive C


Go to Start ---> Run ---> Type ComboFix /u and press Enter.

======================================

Here is some useful information on keeping your computer clean:

  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
  3. Anti-Spyware Programs I Recommend:
    • Free Anti-Spyware Programs: MalwareBytes Anti-Malware
  4. For Even More Information On Securing Your Computer read Tony Klein's