Firefox - Random Opening

Merlock · June 13, 2010

Firefox keeps opening at random time (e.g. http://secure.webpower.com/Refer.dll?Acct=...l-amateur.net/). The "http://secure.webpower.com/Refer.dll?" is always the same but the second bit changes. I've blocked secure.webpower.com on my firewall but the browers keeps trying to open stuff.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4156

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

05/06/2010 15:49:23

mbam-log-2010-06-05 (15-49-23).txt

Scan type: Quick scan

Objects scanned: 166003

Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Michael at 10:03:04.43 on 13/06/2010

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20

Microsoft

Attach.zip

Blade81 · June 17, 2010

Hi,

It seems you've run ComboFix there (not recommended unless requested by trained helper). Post contents of that log (c:\ComboFix.txt). Also, try to run GMER by having just sections option checked.

Merlock · June 19, 2010

ComboFix 10-06-02.04 - Michael 03/06/2010 12:20:58.1.2 - x86

Microsoft

Merlock · June 19, 2010

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-19 12:51:26

Windows 6.0.6002 Service Pack 2

Running: 2hfhjt3c.exe; Driver: C:\Users\Michael\AppData\Local\Temp\awldrfow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 820489D2 5 Bytes JMP 8E3B57CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 821DC5B5 5 Bytes JMP 8E3B5823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateUserProcess 821E6B82 5 Bytes JMP 8E3B5766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 8220DDA3 5 Bytes JMP 8E3B580F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 8222D4FA 7 Bytes JMP 8E3B57E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8222D7BD 5 Bytes JMP 8E3B57F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 82231528 5 Bytes JMP 8E3B577A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82236F3D 7 Bytes JMP 8E3B57B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 8223915A 5 Bytes JMP 8E3B5728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 8223DC08 5 Bytes JMP 8E3B5714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 8225EE19 5 Bytes JMP 8E3B57A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 8226F892 5 Bytes JMP 8E3B5837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 82270A96 5 Bytes JMP 8E3B584B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 822AE847 5 Bytes JMP 8E3B573C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 822AE892 7 Bytes JMP 8E3B5750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 822AF34F 5 Bytes JMP 8E3B578E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89958000, 0x4036D, 0xE8000020]

.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x899A1000, 0x510, 0x40000040]

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D20F000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00450F41

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00450F5C

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00450F04

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00450F15

.text C:\Windows\system32\services.exe[640] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00450F77

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 0045001B

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00450FCA

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00450087

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00450051

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00450FAF

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00450F94

.text C:\Windows\system32\services.exe[640] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00450036

.text C:\Windows\system32\services.exe[640] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00450076

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 004500C0

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00450FDB

.text C:\Windows\system32\services.exe[640] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00450000

.text C:\Windows\system32\services.exe[640] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00450F30

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00940054

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 0094002F

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 0094000A

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00940FA8

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00940F97

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00940FDE

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00940FEF

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00940FC3

.text C:\Windows\system32\services.exe[640] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00460038

.text C:\Windows\system32\services.exe[640] msvcrt.dll!system 76B6804B 5 Bytes JMP 0046001D

.text C:\Windows\system32\services.exe[640] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00460FC8

.text C:\Windows\system32\services.exe[640] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00460000

.text C:\Windows\system32\services.exe[640] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00460FB7

.text C:\Windows\system32\services.exe[640] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00460FE3

.text C:\Windows\system32\services.exe[640] WS2_32.dll!socket 774236D1 5 Bytes JMP 00950000

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 000A0F37

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 000A007D

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 000A0F0B

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 000A0F1C

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 000A0F6D

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 000A0025

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 000A0036

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 000A006C

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 000A0F88

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 000A0FB9

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 000A0051

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 000A0FCA

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 000A0F52

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 000A00BD

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 000A0FE5

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 000A0000

.text C:\Windows\system32\lsass.exe[656] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 000A0098

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 000C004D

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 000C0FBC

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 000C0FEF

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 000C0FAB

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 000C0F86

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 000C001E

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 000C0FDE

.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 000C0FCD

.text C:\Windows\system32\lsass.exe[656] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 000B0044

.text C:\Windows\system32\lsass.exe[656] msvcrt.dll!system 76B6804B 5 Bytes JMP 000B0FB9

.text C:\Windows\system32\lsass.exe[656] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 000B0018

.text C:\Windows\system32\lsass.exe[656] msvcrt.dll!_open 76B6D106 5 Bytes JMP 000B0FEF

.text C:\Windows\system32\lsass.exe[656] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 000B0029

.text C:\Windows\system32\lsass.exe[656] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 000B0FDE

.text C:\Windows\system32\lsass.exe[656] WS2_32.dll!socket 774236D1 5 Bytes JMP 0087000A

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00240F68

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00240F79

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 002400FF

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 002400E4

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00240082

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 0024002F

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 0024004A

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreatePipe 76988E6E 3 Bytes JMP 002400AE

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreatePipe + 4 76988E72 1 Byte [89]

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00240F9E

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryW 76989362 3 Bytes JMP 0024005B

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryW + 4 76989366 1 Byte [89]

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryExA 769894B4 3 Bytes JMP 00240FAF

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryExA + 4 769894B8 1 Byte [89]

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryA 769894DC 3 Bytes JMP 00240FD4

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!LoadLibraryA + 4 769894E0 1 Byte [89]

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!VirtualProtectEx 7698DBDA 3 Bytes JMP 00240093

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!VirtualProtectEx + 4 7698DBDE 1 Byte [89]

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 0024011A

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00240FEF

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00240000

.text C:\Windows\system32\svchost.exe[840] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 002400C9

.text C:\Windows\system32\svchost.exe[840] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00250F9F

.text C:\Windows\system32\svchost.exe[840] msvcrt.dll!system 76B6804B 5 Bytes JMP 00250FB0

.text C:\Windows\system32\svchost.exe[840] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00250FD2

.text C:\Windows\system32\svchost.exe[840] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00250000

.text C:\Windows\system32\svchost.exe[840] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00250FC1

.text C:\Windows\system32\svchost.exe[840] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00250FEF

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00260051

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00260FAF

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00260FEF

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00260040

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00260F9E

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00260FD4

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 0026000A

.text C:\Windows\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00260025

.text C:\Windows\system32\svchost.exe[840] WS2_32.dll!socket 774236D1 5 Bytes JMP 00270000

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00710F59

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 0071009F

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00710F2D

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 007100C4

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00710073

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00710FD4

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00710025

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 0071008E

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00710062

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00710047

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00710FA5

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00710036

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00710F7E

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 007100DF

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00710014

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00710FEF

.text C:\Windows\system32\svchost.exe[928] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00710F3E

.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00840FEF

.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!system 76B6804B 5 Bytes JMP 0084007A

.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 0084003A

.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00840000

.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00840055

.text C:\Windows\system32\svchost.exe[928] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 0084001D

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 0085006C

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00850FDB

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00850000

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00850FCA

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00850087

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00850036

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 0085001B

.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00850047

.text C:\Windows\system32\svchost.exe[928] WS2_32.dll!socket 774236D1 5 Bytes JMP 0086000A

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00C20F15

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00C2005B

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00C20091

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00C20080

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00C20F5C

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00C20FCA

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00C2001B

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00C20F30

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00C20036

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00C20F94

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00C20F83

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00C20FA5

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00C20F4B

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00C20ED5

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00C20FE5

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00C20000

.text C:\Windows\System32\svchost.exe[964] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00C20F04

.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00C30FB7

.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!system 76B6804B 5 Bytes JMP 00C30FC8

.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00C3002E

.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00C30000

.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00C30FD9

.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00C3001D

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00D8006C

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00D80FCA

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00D80FEF

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00D80051

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00D8007D

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00D8001B

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00D8000A

.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00D80036

.text C:\Windows\System32\svchost.exe[964] WS2_32.dll!socket 774236D1 5 Bytes JMP 00D90FE5

.text C:\Windows\System32\svchost.exe[964] wininet.dll!InternetOpenA 75BBD690 5 Bytes JMP 00C10000

.text C:\Windows\System32\svchost.exe[964] wininet.dll!InternetOpenW 75BBDB09 5 Bytes JMP 00C10011

.text C:\Windows\System32\svchost.exe[964] wininet.dll!InternetOpenUrlA 75BBF3A4 5 Bytes JMP 00C10022

.text C:\Windows\System32\svchost.exe[964] wininet.dll!InternetOpenUrlW 75C06DDF 5 Bytes JMP 00C10FC7

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 007300AE

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 0073009D

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00730F3C

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00730F4D

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00730067

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00730014

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00730025

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreatePipe 76988E6E 1 Byte [E9]

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00730F72

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00730F8D

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 0073004A

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00730F9E

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00730FB9

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00730078

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00730F2B

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00730FDE

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00730FEF

.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 007300BF

.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 0075005F

.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!system 76B6804B 5 Bytes JMP 00750FD4

.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00750033

.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00750FEF

.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00750044

.text C:\Windows\System32\svchost.exe[1072] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00750018

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00760076

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00760FD4

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00760000

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 0076005B

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00760091

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00760FEF

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 0076001B

.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00760040

.text C:\Windows\System32\svchost.exe[1072] WS2_32.dll!socket 774236D1 5 Bytes JMP 006E0FE5

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00DD006F

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00DD0F29

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00DD00AF

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00DD0094

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00DD0043

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00DD0FDE

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00DD0FC3

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00DD0F44

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00DD0F6B

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00DD0F97

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00DD0F7C

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00DD0FB2

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00DD005E

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00DD00CA

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00DD0FEF

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00DD0000

.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00DD0F18

.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00DF002C

.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!system 76B6804B 5 Bytes JMP 00DF0FAB

.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00DF000A

.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00DF0FE3

.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00DF001B

.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00DF0FC6

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 01500047

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 01500FAF

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 01500FEF

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 01500036

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 01500062

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 01500FD4

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 0150000A

.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 0150001B

.text C:\Windows\System32\svchost.exe[1140] WS2_32.dll!socket 774236D1 5 Bytes JMP 01510FE5

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00DE0082

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00DE0067

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00DE00B8

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00DE0F21

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00DE0F57

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00DE0FD4

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00DE0FAF

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00DE0F3C

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00DE0025

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00DE0F83

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00DE0F68

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00DE0F94

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00DE004C

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00DE00C9

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00DE0FEF

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00DE0000

.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00DE0093

.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00DF003B

.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!system 76B6804B 5 Bytes JMP 00DF0FB0

.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00DF0FD2

.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00DF0000

.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00DF0FC1

.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00DF0FE3

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 01080F97

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 01080FC3

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 01080FEF

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 01080FA8

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 01080F86

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 0108001E

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 01080FDE

.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 0108002F

.text C:\Windows\system32\svchost.exe[1152] WS2_32.dll!socket 774236D1 5 Bytes JMP 01090000

.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenA 75BBD690 5 Bytes JMP 02960000

.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenW 75BBDB09 5 Bytes JMP 02960025

.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlA 75BBF3A4 5 Bytes JMP 02960FEF

.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlW 75C06DDF 5 Bytes JMP 02960FDE

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1216] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1216] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 0008009F

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 0008008E

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 000800C1

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00080F2A

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00080058

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00080FD4

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00080025

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00080F59

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00080F7E

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00080036

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00080047

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00080FAF

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00080069

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00080F05

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 0008000A

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00080FEF

.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 000800B0

.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00090FD4

.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!system 76B6804B 5 Bytes JMP 00090055

.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00090029

.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00090FEF

.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00090044

.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 0009000C

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 000A0047

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 000A0025

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 000A0FE5

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 000A0036

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 000A0F94

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 000A0FD4

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 000A0000

.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 000A0FC3

.text C:\Windows\system32\svchost.exe[1248] WS2_32.dll!socket 774236D1 5 Bytes JMP 000B0000

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 01450F39

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 01450F54

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 01450F0D

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 01450F28

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 01450F9B

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 01450025

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 01450FD4

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 01450F65

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 01450069

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 01450047

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 01450058

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 01450036

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 01450F80

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 014500BF

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 01450FE5

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 01450000

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 014500A4

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 01560FB7

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!system 76B6804B 5 Bytes JMP 01560FC8

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 0156002E

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_open 76B6D106 5 Bytes JMP 01560000

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 01560FD9

.text C:\Windows\system32\svchost.exe[1292] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 0156001D

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 76C739AB 1 Byte [E9]

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 01570FAF

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 01570047

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 0157000A

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 01570FCA

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 01570076

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 01570025

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 01570FEF

.text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 01570036

.text C:\Windows\system32\svchost.exe[1292] WS2_32.dll!socket 774236D1 5 Bytes JMP 01580000

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenA 75BBD690 5 Bytes JMP 01440000

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenW 75BBDB09 5 Bytes JMP 01440FE5

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenUrlA 75BBF3A4 5 Bytes JMP 01440FD4

.text C:\Windows\system32\svchost.exe[1292] WinInet.dll!InternetOpenUrlW 75C06DDF 5 Bytes JMP 01440025

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00D60F3C

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00D60078

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00D600B8

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00D60F2B

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00D6004C

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00D6000A

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00D60025

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00D60067

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00D60F72

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00D60FA8

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00D60F8D

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00D60FB9

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00D60F57

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00D60F10

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00D60FD4

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00D60FEF

.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00D6009D

.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00DB0FB7

.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!system 76B6804B 5 Bytes JMP 00DB0FD2

.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00DB001D

.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00DB0FEF

.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00DB0042

.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00DB000C

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00DD004A

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00DD001E

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00DD0FEF

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00DD002F

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00DD005B

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00DD0FC3

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00DD0FD4

.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00DD0FB2

.text C:\Windows\system32\svchost.exe[1528] WS2_32.dll!socket 774236D1 5 Bytes JMP 00DE0000

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 001700B1

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00170096

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 001700F8

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 001700DD

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00170F61

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00170FC3

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00170FA8

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00170071

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00170F72

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00170025

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00170F83

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00170014

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00170056

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00170F46

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00170FDE

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00170FEF

.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 001700C2

.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00A40FB9

.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!system 76B6804B 5 Bytes JMP 00A40FD4

.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00A40FEF

.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00A40000

.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00A40044

.text C:\Windows\system32\svchost.exe[1864] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00A40029

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00AF0F9E

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00AF0025

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00AF0FEF

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00AF0040

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00AF0F83

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00AF000A

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00AF0FD4

.text C:\Windows\system32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00AF0FB9

.text C:\Windows\system32\svchost.exe[1864] WS2_32.dll!socket 774236D1 5 Bytes JMP 00B80000

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 002000D1

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 002000C0

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00200104

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 002000F3

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00200080

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00200014

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00200FC3

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 0020009B

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 0020006F

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00200FB2

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 0020005E

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00200039

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00200F95

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 0020011F

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00200FDE

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00200FEF

.text C:\Windows\system32\svchost.exe[2408] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 002000E2

.text C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00230FAB

.text C:\Windows\system32\svchost.exe[2408] msvcrt.dll!system 76B6804B 5 Bytes JMP 00230FBC

.text C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00230011

.text C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00230000

.text C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00230022

.text C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00230FD7

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 0029004A

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00290FB2

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00290FEF

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00290039

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 0029005B

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 0029000A

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00290FD4

.text C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00290FC3

.text C:\Windows\system32\svchost.exe[2408] WS2_32.dll!socket 774236D1 5 Bytes JMP 002A0000

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00730F11

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00730F22

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00730EEF

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00730086

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00730F55

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00730FD4

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00730025

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00730F33

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00730F72

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00730F9E

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00730F83

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00730FB9

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00730F44

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00730EDE

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00730FE5

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00730000

.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00730F00

.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 0074004C

.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!system 76B6804B 5 Bytes JMP 00740031

.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00740FD2

.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00740FEF

.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00740FC1

.text C:\Windows\system32\svchost.exe[2452] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 0074000C

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 0076005B

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00760FCA

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 0076000A

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00760FB9

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 0076006C

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00760036

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00760025

.text C:\Windows\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00760FE5

.text C:\Windows\system32\svchost.exe[2452] WS2_32.dll!socket 774236D1 5 Bytes JMP 00C40000

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00050F3C

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00050F4D

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00050F0D

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 000500A4

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00050F72

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00050014

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00050025

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00050078

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00050F83

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00050040

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00050F94

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00050FB9

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00050067

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00050EFC

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00050FDE

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00050FEF

.text C:\Windows\System32\svchost.exe[2880] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00050093

.text C:\Windows\System32\svchost.exe[2880] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 000A0F77

.text C:\Windows\System32\svchost.exe[2880] msvcrt.dll!system 76B6804B 5 Bytes JMP 000A0F9C

.text C:\Windows\System32\svchost.exe[2880] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 000A0FC1

.text C:\Windows\System32\svchost.exe[2880] msvcrt.dll!_open 76B6D106 5 Bytes JMP 000A0FEF

.text C:\Windows\System32\svchost.exe[2880] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 000A000C

.text C:\Windows\System32\svchost.exe[2880] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 000A0FD2

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00100051

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 00100FAF

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 0010000A

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00100040

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00100F94

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00100FE5

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 0010001B

.text C:\Windows\System32\svchost.exe[2880] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00100FCA

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00170F15

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00170F26

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00170EC4

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 00170EDF

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00170F5C

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00170FCA

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 0017001B

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00170F41

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00170F79

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00170F94

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00170036

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00170FA5

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00170051

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00170076

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00170000

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00170FE5

.text C:\Windows\Explorer.EXE[4092] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00170EFA

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00620FB2

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 0062004A

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00620FE5

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00620FC3

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00620FA1

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 0062001B

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00620000

.text C:\Windows\Explorer.EXE[4092] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00620FD4

.text C:\Windows\Explorer.EXE[4092] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00180078

.text C:\Windows\Explorer.EXE[4092] msvcrt.dll!system 76B6804B 5 Bytes JMP 00180053

.text C:\Windows\Explorer.EXE[4092] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00180027

.text C:\Windows\Explorer.EXE[4092] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00180000

.text C:\Windows\Explorer.EXE[4092] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00180038

.text C:\Windows\Explorer.EXE[4092] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00180FE3

.text C:\Windows\Explorer.EXE[4092] WININET.dll!InternetOpenA 75BBD690 5 Bytes JMP 01810000

.text C:\Windows\Explorer.EXE[4092] WININET.dll!InternetOpenW 75BBDB09 5 Bytes JMP 01810FE5

.text C:\Windows\Explorer.EXE[4092] WININET.dll!InternetOpenUrlA 75BBF3A4 5 Bytes JMP 01810FD4

.text C:\Windows\Explorer.EXE[4092] WININET.dll!InternetOpenUrlW 75C06DDF 5 Bytes JMP 0181002F

.text C:\Windows\Explorer.EXE[4092] WS2_32.dll!socket 774236D1 5 Bytes JMP 03D5000A

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] kernel32.dll!FindResourceA 76982653 5 Bytes JMP 0042ACC0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] kernel32.dll!FindResourceW 769A7FA1 5 Bytes JMP 0042AD00 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] USER32.dll!LoadStringA 758C6243 5 Bytes JMP 0042AF90 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] USER32.dll!CreateDialogParamW 758C72A2 5 Bytes JMP 0042ADB0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] USER32.dll!LoadMenuW 758D1412 5 Bytes JMP 0042AE80 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] USER32.dll!LoadStringW 758D9CCB 5 Bytes JMP 0042AEE0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] USER32.dll!CreateDialogParamA 758E17AA 5 Bytes JMP 0042AD40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4384] USER32.dll!LoadMenuA 75907C77 5 Bytes JMP 0042AE20 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 00010F4A

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00010090

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00010F14

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 000100AB

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00010F80

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 0001001B

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 0001002C

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 00010F65

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00010F9B

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00010058

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00010FAC

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00010047

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 00010075

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00010EF9

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 00010000

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00010FE5

.text C:\Windows\system32\svchost.exe[4508] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 00010F39

.text C:\Windows\system32\svchost.exe[4508] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00050031

.text C:\Windows\system32\svchost.exe[4508] msvcrt.dll!system 76B6804B 5 Bytes JMP 00050FA6

.text C:\Windows\system32\svchost.exe[4508] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00050FD2

.text C:\Windows\system32\svchost.exe[4508] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00050FEF

.text C:\Windows\system32\svchost.exe[4508] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00050FB7

.text C:\Windows\system32\svchost.exe[4508] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 0005000C

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00060FA5

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 0006002C

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00060000

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 00060047

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00060058

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00060011

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00060FE5

.text C:\Windows\system32\svchost.exe[4508] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 00060FC0

.text C:\Windows\system32\svchost.exe[4508] WS2_32.dll!socket 774236D1 5 Bytes JMP 00070FEF

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!GetStartupInfoW 76961929 5 Bytes JMP 000100A2

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!GetStartupInfoA 769619C9 5 Bytes JMP 00010F52

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreateProcessW 76961BF3 5 Bytes JMP 00010F23

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreateProcessA 76961C28 5 Bytes JMP 000100C4

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!VirtualProtect 76961DC3 5 Bytes JMP 00010047

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreateNamedPipeA 76962EF5 5 Bytes JMP 00010FCA

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreateNamedPipeW 76965C0C 5 Bytes JMP 00010025

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreatePipe 76988E6E 5 Bytes JMP 0001007D

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!LoadLibraryExW 76989109 5 Bytes JMP 00010F79

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!LoadLibraryW 76989362 5 Bytes JMP 00010036

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!LoadLibraryExA 769894B4 5 Bytes JMP 00010F8A

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!LoadLibraryA 769894DC 5 Bytes JMP 00010FB9

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!VirtualProtectEx 7698DBDA 5 Bytes JMP 0001006C

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!GetProcAddress 769A903B 5 Bytes JMP 00010F12

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreateFileW 769AAECB 5 Bytes JMP 0001000A

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!CreateFileA 769ACE5F 5 Bytes JMP 00010FEF

.text C:\Windows\system32\svchost.exe[4824] kernel32.dll!WinExec 769F5CF7 5 Bytes JMP 000100B3

.text C:\Windows\system32\svchost.exe[4824] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00050F9C

.text C:\Windows\system32\svchost.exe[4824] msvcrt.dll!system 76B6804B 5 Bytes JMP 00050FAD

.text C:\Windows\system32\svchost.exe[4824] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 0005001D

.text C:\Windows\system32\svchost.exe[4824] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00050000

.text C:\Windows\system32\svchost.exe[4824] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00050FC8

.text C:\Windows\system32\svchost.exe[4824] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00050FE3

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegCreateKeyExA 76C739AB 5 Bytes JMP 00060F8A

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegCreateKeyA 76C73BA9 5 Bytes JMP 0006001B

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegOpenKeyA 76C789C7 5 Bytes JMP 00060FEF

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegCreateKeyW 76C8391E 5 Bytes JMP 0006002C

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegCreateKeyExW 76C841F1 5 Bytes JMP 00060047

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegOpenKeyExA 76C87C42 5 Bytes JMP 00060FB9

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegOpenKeyW 76C8E2B5 5 Bytes JMP 00060FD4

.text C:\Windows\system32\svchost.exe[4824] ADVAPI32.dll!RegOpenKeyExW 76C97BA1 5 Bytes JMP 0006000A

.text C:\Windows\system32\svchost.exe[4824] WS2_32.dll!socket 774236D1 5 Bytes JMP 0007000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[7728] ntdll.dll!LdrLoadDll 77219390 5 Bytes JMP 012913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- EOF - GMER 1.0.15 ----

Blade81 · June 19, 2010

Hi,

Disable protection and run ComboFix (let it update itself). Post back the report + fresh dds logs.

Merlock · June 19, 2010

Can't seem to download combofix.

DDS Logs as follows.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Michael at 0:01:35.97 on 20/06/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20

Microsoft

Attach.zip

Merlock · June 20, 2010

Tried to download Combofix again this morning and it worked, so here's the log.

ComboFix 10-06-19.03 - Michael 20/06/2010 9:10.2.2 - x86

Microsoft

Merlock · June 20, 2010

ComboFix 10-06-19.03 - Michael 20/06/2010 9:10.2.2 - x86

Microsoft

Blade81 · June 20, 2010

Hi,

Is that all contents of ComboFix.txt file? Seems that only part of the header got posted. Please run ComboFix again if that was complete log. Otherwise, attach the log file as file attachment.

Merlock · June 20, 2010

Not sure why that didn't work, anyway log attached.

ComboFix.txt

Blade81 · June 20, 2010

Hi,

Upload c:\programdata (x86)\host.exe file to http://www.virustotal.com and post back the results or a link to the results. Does the original issue still appear?

Merlock · June 20, 2010

Yes, the original issue still appears.

Here's the link to the results;

http://www.virustotal.com/analisis/b053873...9a5f-1274577337

Blade81 · June 20, 2010

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).

2. Execute the file TDSSKiller.exe and wait for the process to finish.

3. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=53832
Collect::
c:\programdata (x86)\host.exe
Suspect::
c:\windows\system32\drivers\hmonitor45.sys
DirLook::
c:\programdata (x86)
DDS::
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE

Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows, disable protection and refering to the picture above, drag CFScript into ComboFix.exe (let ComboFix update itself)

Then post the resultant log.

Uninstall these old Javas:

Java 6 Update 3

Java 6 Update 7

Uninstall Zynga toolbar if not installed on purpose.

Download http://www.atribune.org/ccount/click.php?id=1' target="_blank">ATF (Atribune Temp File) Cleaner

Blade81 · June 20, 2010

(had to post these remaining steps in separate reply)

Double-click ATF Cleaner.exe to open it

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Merlock · June 20, 2010

21:10:58:469 4336 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

21:10:58:469 4336 ================================================================================

21:10:58:469 4336 SystemInfo:

21:10:58:469 4336 OS Version: 6.0.6002 ServicePack: 2.0

21:10:58:469 4336 Product type: Workstation

21:10:58:469 4336 ComputerName: TOSHIBA-PC

21:10:58:470 4336 UserName: Michael

21:10:58:470 4336 Windows directory: C:\Windows

21:10:58:470 4336 Processor architecture: Intel x86

21:10:58:470 4336 Number of processors: 2

21:10:58:470 4336 Page size: 0x1000

21:10:58:473 4336 Boot type: Normal boot

21:10:58:473 4336 ================================================================================

21:11:22:986 4336 Initialize success

21:11:22:987 4336

21:11:22:987 4336 Scanning Services ...

21:11:24:140 4336 Raw services enum returned 491 services

21:11:24:157 4336

21:11:24:158 4336 Scanning Drivers ...

21:11:25:089 4336 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

21:11:25:368 4336 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

21:11:25:479 4336 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

21:11:25:529 4336 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

21:11:25:568 4336 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

21:11:25:612 4336 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

21:11:25:654 4336 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

21:11:25:697 4336 agtun (5ea34dc1ddc4e43250f1d27e6ba8eeb1) C:\Windows\system32\DRIVERS\agtun.sys

21:11:25:821 4336 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

21:11:25:862 4336 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

21:11:25:897 4336 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

21:11:25:931 4336 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

21:11:25:966 4336 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

21:11:26:001 4336 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

21:11:26:040 4336 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

21:11:26:069 4336 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

21:11:26:104 4336 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

21:11:26:149 4336 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

21:11:26:198 4336 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys

21:11:26:595 4336 atikmdag (6b70eb8e4aaf60598d61bcf8c41eacfb) C:\Windows\system32\DRIVERS\atikmdag.sys

21:11:26:928 4336 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

21:11:27:019 4336 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

21:11:27:055 4336 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

21:11:27:086 4336 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

21:11:27:121 4336 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

21:11:27:154 4336 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

21:11:27:184 4336 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

21:11:27:221 4336 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

21:11:27:252 4336 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

21:11:27:278 4336 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

21:11:27:322 4336 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

21:11:27:455 4336 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

21:11:27:514 4336 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:11:27:554 4336 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

21:11:27:671 4336 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:11:27:704 4336 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

21:11:27:735 4336 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

21:11:27:754 4336 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

21:11:27:776 4336 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

21:11:27:808 4336 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

21:11:27:846 4336 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

21:11:27:882 4336 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:11:27:928 4336 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

21:11:27:960 4336 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

21:11:28:013 4336 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

21:11:28:065 4336 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:11:28:123 4336 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

21:11:28:186 4336 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:11:28:233 4336 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:11:28:272 4336 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

21:11:28:309 4336 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

21:11:28:343 4336 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:11:28:412 4336 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:11:28:447 4336 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

21:11:28:487 4336 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:11:28:522 4336 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:11:28:549 4336 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

21:11:28:602 4336 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:11:28:625 4336 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

21:11:28:654 4336 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

21:11:28:734 4336 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

21:11:28:780 4336 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:11:28:869 4336 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

21:11:28:947 4336 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:11:29:003 4336 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:11:29:030 4336 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

21:11:29:058 4336 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

21:11:29:090 4336 Hmonitor45 (845af1ba23c8d5e64def61bcc441604c) C:\Windows\system32\drivers\hmonitor45.sys

21:11:29:168 4336 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

21:11:29:219 4336 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

21:11:29:319 4336 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

21:11:29:497 4336 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

21:11:29:661 4336 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys

21:11:29:760 4336 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:11:29:881 4336 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

21:11:29:912 4336 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:11:29:950 4336 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

21:11:29:992 4336 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:11:30:085 4336 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys

21:11:30:266 4336 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

21:11:30:307 4336 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

21:11:30:344 4336 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:11:30:396 4336 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

21:11:30:434 4336 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:11:30:478 4336 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:11:30:511 4336 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

21:11:30:562 4336 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:11:30:596 4336 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:11:30:645 4336 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:11:30:687 4336 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys

21:11:30:771 4336 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:11:30:803 4336 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

21:11:30:854 4336 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys

21:11:30:911 4336 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

21:11:30:973 4336 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:11:31:010 4336 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

21:11:31:047 4336 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

21:11:31:076 4336 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

21:11:31:117 4336 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:11:31:157 4336 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

21:11:31:190 4336 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

21:11:31:232 4336 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

21:11:31:301 4336 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys

21:11:31:410 4336 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys

21:11:31:516 4336 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys

21:11:31:621 4336 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys

21:11:31:703 4336 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys

21:11:31:792 4336 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:11:31:824 4336 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:11:31:849 4336 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:11:31:883 4336 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys

21:11:31:915 4336 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:11:31:967 4336 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys

21:11:32:184 4336 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

21:11:32:221 4336 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:11:32:256 4336 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:11:32:307 4336 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:11:32:361 4336 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:11:32:498 4336 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:11:32:631 4336 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:11:32:777 4336 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

21:11:32:819 4336 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

21:11:32:842 4336 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:11:32:885 4336 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:11:32:913 4336 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:11:32:945 4336 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:11:32:978 4336 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:11:33:028 4336 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:11:33:057 4336 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:11:33:090 4336 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:11:33:125 4336 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:11:33:174 4336 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:11:33:229 4336 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:11:33:276 4336 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:11:33:303 4336 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:11:33:339 4336 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:11:33:368 4336 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:11:33:408 4336 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:11:33:484 4336 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:11:33:520 4336 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:11:33:575 4336 nmwcd (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys

21:11:33:659 4336 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys

21:11:33:756 4336 nmwcdnsu (496f34fb30dd541350b29558842cd42a) C:\Windows\system32\drivers\nmwcdnsu.sys

21:11:33:910 4336 nmwcdnsuc (99fbb538789888e6a48b902417f68dd4) C:\Windows\system32\drivers\nmwcdnsuc.sys

21:11:34:046 4336 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:11:34:087 4336 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:11:34:158 4336 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:11:34:251 4336 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:11:34:287 4336 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:11:34:322 4336 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

21:11:34:349 4336 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

21:11:34:388 4336 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

21:11:34:449 4336 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

21:11:34:489 4336 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:11:34:539 4336 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

21:11:34:569 4336 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:11:34:608 4336 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

21:11:34:705 4336 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:11:34:752 4336 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

21:11:34:788 4336 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

21:11:34:844 4336 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:11:34:900 4336 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:11:34:923 4336 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys

21:11:34:969 4336 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:11:34:990 4336 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

21:11:35:057 4336 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

21:11:35:140 4336 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:11:35:177 4336 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:11:35:207 4336 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:11:35:237 4336 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:11:35:271 4336 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

21:11:35:305 4336 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

21:11:35:353 4336 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

21:11:35:404 4336 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:11:35:447 4336 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

21:11:35:472 4336 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

21:11:35:509 4336 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

21:11:35:553 4336 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

21:11:35:580 4336 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

21:11:35:631 4336 RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys

21:11:35:723 4336 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys

21:11:35:879 4336 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS

21:11:36:018 4336 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

21:11:36:058 4336 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:11:36:092 4336 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

21:11:36:125 4336 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

21:11:36:160 4336 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

21:11:36:213 4336 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys

21:11:36:302 4336 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

21:11:36:369 4336 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

21:11:36:423 4336 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

21:11:36:500 4336 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys

21:11:36:585 4336 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

21:11:36:622 4336 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

21:11:36:654 4336 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

21:11:36:708 4336 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

21:11:36:761 4336 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:11:36:785 4336 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:11:36:844 4336 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys

21:11:37:332 4336 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys

21:11:37:515 4336 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys

21:11:37:570 4336 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys

21:11:37:669 4336 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:11:37:715 4336 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:11:37:755 4336 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:11:37:791 4336 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:11:37:831 4336 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

21:11:37:956 4336 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys

21:11:38:077 4336 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys

21:11:38:122 4336 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

21:11:38:263 4336 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

21:11:38:341 4336 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:11:38:373 4336 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:11:38:420 4336 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

21:11:38:465 4336 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:11:38:524 4336 toshidpt (85b6ff02491b6db3572b4f93e56cab7c) C:\Windows\system32\drivers\Toshidpt.sys

21:11:38:668 4336 tosporte (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys

21:11:38:817 4336 tosrfbd (00371ce4da09b68ba0ff953e61820981) C:\Windows\system32\DRIVERS\tosrfbd.sys

21:11:38:960 4336 tosrfbnp (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys

21:11:39:102 4336 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys

21:11:39:250 4336 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys

21:11:39:401 4336 tosrfnds (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys

21:11:39:543 4336 TosRfSnd (f1ca74cca8241d8b8a024aecc643c547) C:\Windows\system32\drivers\tosrfsnd.sys

21:11:39:700 4336 Tosrfusb (f400fb9616261a1b66e6d2e04b6c3538) C:\Windows\system32\DRIVERS\tosrfusb.sys

21:11:39:853 4336 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys

21:11:40:018 4336 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:11:40:100 4336 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:11:40:147 4336 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:11:40:301 4336 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

21:11:40:441 4336 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

21:11:40:488 4336 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:11:40:530 4336 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

21:11:40:569 4336 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

21:11:40:623 4336 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:11:40:667 4336 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:11:40:720 4336 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:11:40:742 4336 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys

21:11:40:778 4336 upperdev (b1b8bee26227dad9835019201552cb05) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

21:11:40:868 4336 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys

21:11:41:006 4336 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:11:41:037 4336 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

21:11:41:083 4336 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:11:41:113 4336 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:11:41:147 4336 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

21:11:41:188 4336 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

21:11:41:235 4336 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

21:11:41:275 4336 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys

21:11:41:301 4336 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

21:11:41:395 4336 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:11:41:447 4336 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:11:41:477 4336 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

21:11:41:514 4336 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS

21:11:41:657 4336 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:11:41:676 4336 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:11:41:713 4336 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

21:11:41:738 4336 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

21:11:41:771 4336 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

21:11:41:823 4336 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:11:41:882 4336 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:11:41:929 4336 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:11:41:971 4336 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

21:11:42:009 4336 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:11:42:043 4336 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:11:42:054 4336 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:11:42:080 4336 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

21:11:42:108 4336 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

21:11:42:280 4336 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

21:11:42:491 4336 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys

21:11:42:527 4336 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

21:11:42:600 4336 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

21:11:42:632 4336 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:11:42:663 4336 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:11:42:697 4336 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

21:11:42:755 4336

21:11:42:756 4336 Completed

21:11:42:756 4336

21:11:42:756 4336 Results:

21:11:42:757 4336 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

21:11:42:757 4336 File objects infected / cured / cured on reboot: 0 / 0 / 0

21:11:42:758 4336

21:11:42:761 4336 KLMD(ARK) unloaded successfully

Merlock · June 20, 2010

Combofix log attached

ComboFix.txt

Blade81 · June 21, 2010

Shall wait for those other requested reports before further steps.

Merlock · June 22, 2010

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, June 22, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, June 21, 2010 11:37:48

Records in database: 4304883

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

E:\

F:\

Scan statistics:

Objects scanned: 182247

Threats found: 2

Infected objects found: 4

Suspicious objects found: 0

Scan duration: 22:11:24

File name / Threat / Threats count

C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6ce4b700-3e87c061 Infected: Trojan-Downloader.Java.Agent.aj 1

C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\62047ba-15864be7 Infected: Trojan-Downloader.Java.Agent.ap 3

Selected area has been scanned.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Michael at 18:26:53.44 on 22/06/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20

Microsoft

Merlock · June 22, 2010

DDS Log attached

DDS.txt

Attach.txt

Blade81 · June 22, 2010

Hi,

Does the issue still appear? If yes, we need to see if Firefox uninstalling has any effect on it. Before doing that you should backup your bookmarks if you want them saved:

Go to Bookmarks > Organize Bookmarks. In the window that pops up, click Import and Backup (a button at the top of the window). Click export HTML.

When done, uninstall Firefox completely (including profile):

1. Go to Programs and Features in Control Panel and uninstall Firefox (have "Remove my Firefox personal data and customizations" selected).

2. Delete following folders if still found:

c:\program files\mozilla firefox

c:\users\Michael\AppData\Roaming\Mozilla

After that's done reboot and see if there're still issues (don't reinstall Firefox yet but use Internet Explorer for surfing). Let me know if the issue still appears and post back fresh dds logs.

Merlock · June 22, 2010

I haven't had a repeat of the issue today. I'll use firefox as normal for a day or so and see what happens.

Thanks very much for your help so far. I must say I feel a bit let down by McAfee's protection performance, what would you recomend for protection going forward?

Blade81 · June 22, 2010

Hi,

I'll use firefox as normal for a day or so and see what happens.

That suits fine. Shall wait for your status report :welcome:

I must say I feel a bit let down by McAfee's protection performance, what would you recomend for protection going forward?

Malware changes daily so it's impossible for vendors to stay updated against all possible threats. Some protection can't see something that other product does and vice versa.

AdvancedSetup · July 8, 2010

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Firefox - Random Opening

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information