I think this is what I need to do...
Hello Obi Wans -
I am doing this for a friend's machine which will only connect to the internet very slowly, and will not allow us to run Spybot. Whatever dark little bit of malware this is will not let us visit sites that have antimalware apps.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:55 PM, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\7ab9a0301.dll""
O4 - HKUS\S-1-5-20\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\7ab9a0301.dll"" (User '?')
O4 - HKUS\S-1-5-21-2926311216-3394462548-465044994-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\7ab9a0301.dll"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\7ab9a0301.dll"" (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229576902923&h=f14f4d7b66ea6b067add6daf8b53917a/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10517 bytes
Hi anahk
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site 1 (http://hype.free.googlepages.com/gmer.zip)
alternate download site 2 (http://www.castlecops.com/downloads-file-546.html)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" button and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)
Important! Please do not select the "Show all" checkbox during the scan.
Hiya - When I post the reply, I get the message, "The text that you have entered is too long (213100 characters). Please shorten it to 64000 characters long."
Would you like me to attach the txt file? I made sure that "show all" was not checked.
Khana
Yes, please attempt to attach it :)
How do you attach files to these things?
...assuming it is because I am a newbie. I will post in two threads
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-01 07:35:13
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAAD229AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAAD22A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAAD22958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAAD2296C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAAD22A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAAD22A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAAD22AF4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAAD22AD9]
Code 86A5F2C0 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAAD229EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAAD22B1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAAD22A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAAD22930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAAD22944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAAD229BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAAD22B5A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAAD22AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAAD22AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAAD22A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAAD22B46]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAAD22B32]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAAD22996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAAD22982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAAD22A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAAD22A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAAD22B08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAAD22A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAAD229D4]
Code 86A6E0B6 IofCallDriver
Code 86A6EC16 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 86A6E0BB
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 86A6EC1B
.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP AAD229D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP AAD229AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP AAD229EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP AAD22A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 86A5F2C4
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP AAD229C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP AAD22934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP AAD22948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP AAD22986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP AAD22970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP AAD2295C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP AAD2299A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP AAD22A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8061854A 7 Bytes JMP AAD22AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80618898 7 Bytes JMP AAD22A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BC2 7 Bytes JMP AAD22B0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80619460 7 Bytes JMP AAD22AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D34 7 Bytes JMP AAD22A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A312 5 Bytes JMP AAD22A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7A2 7 Bytes JMP AAD22A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A972 7 Bytes JMP AAD22A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB52 5 Bytes JMP AAD22AF8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061ADBC 7 Bytes JMP AAD22ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B6E4 5 Bytes JMP AAD22A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8061BA0A 7 Bytes JMP AAD22B5E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCCA 5 Bytes JMP AAD22B36 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3BE 5 Bytes JMP AAD22B4A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4D8 5 Bytes JMP AAD22B22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[168] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A6000A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[168] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A7000A
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01BC0000
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01BC00A4
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01BC0089
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01BC0FA5
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01BC0FB6
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01BC003D
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01BC0F77
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01BC00BF
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 01BC0F66
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01BC00FF
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01BC011B
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01BC0058
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01BC0011
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 21, 01, 50 ]
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, B9, 00, C3 ]
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01BC0F94
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01BC002C
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01BC0FE5
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01BC00E4
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01BA0040
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01BA00A2
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01BA0FEF
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01BA0025
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01BA0091
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01BA000A
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01BA0076
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01BA005B
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01BB0000
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01BB0FE5
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01BB0FD4
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01BB0FB9
.text C:\WINDOWS\Explorer.EXE[312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A30FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[352] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0081000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[352] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0082000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[352] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009A000A
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009B000A
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 09, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 0A, 09, 50 ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, E6, 08, C3 ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 27, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 27, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 2A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, F9, 08, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 1A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 1A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 1A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 1A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 1A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 1A, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 1B, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 1B, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 1C, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 1C, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 1C, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 1D, 09, 50, ... ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[444] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 21, 09, 50, ... ]
.text C:\Program Files\McAfee\VirusScan\McShield.exe[460] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006E000A
.text C:\Program Files\McAfee\VirusScan\McShield.exe[460] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\igfxtray.exe[516] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\igfxtray.exe[516] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\hkcmd.exe[528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\hkcmd.exe[528] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009A000A
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B5000A
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B6000A
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 28, 01, 50, ... ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 29, 01, 50 ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, CC, 00, C3 ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 39, 01, 50, ... ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 39, 01, 50, ... ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 3C, 01, 50, ... ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[540] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 1A, 01, 50, ... ]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A0000A
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A1000A
.text C:\WINDOWS\AGRSMMSG.exe[564] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 0F, 01, 50, ... ]
.text C:\WINDOWS\AGRSMMSG.exe[564] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 10, 01, 50 ]
.text C:\WINDOWS\AGRSMMSG.exe[564] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, A9, 00, C3 ]
.text C:\WINDOWS\AGRSMMSG.exe[564] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 20, 01, 50, ... ]
.text C:\WINDOWS\AGRSMMSG.exe[564] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 20, 01, 50, ... ]
.text C:\WINDOWS\AGRSMMSG.exe[564] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 23, 01, 50, ... ]
.text C:\WINDOWS\AGRSMMSG.exe[564] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 01, 01, 50, ... ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A1000A
.text C:\Program Files\Apoint2K\Apoint.exe[584] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A2000A
.text C:\Program Files\Apoint2K\Apoint.exe[584] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 03, 01, 50, ... ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 04, 01, 50 ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, AA, 00, C3 ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 14, 01, 50, ... ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 14, 01, 50, ... ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 17, 01, 50, ... ]
.text C:\Program Files\Apoint2K\Apoint.exe[584] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, F5, 00, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BC000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BD000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, D6, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, D7, 01, 50 ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, B3, 01, C3 ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F4, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F4, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, E7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, E7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, E7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, E7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, E7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, E7, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetWriteFile 78073645 13 Bytes CALL 486F864B
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes CALL 78704C10
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!HttpSendRequestW 78080825 13 Bytes JMP A870582B
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes JMP F8707AB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes JMP 98707AE8
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes JMP 60685001
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, EE, 01, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[596] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, C8, 01, 50, ... ]
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[616] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A2000A
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[616] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A3000A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0098000A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0099000A
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[684] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 008F000A
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 7D, 02, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 7E, 02, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, C6, 01, C3 ]
.text C:\WINDOWS\system32\winlogon.exe[720] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 6A, 02, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[720] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 6A, 02, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[720] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 6D, 02, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[720] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, C4, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, AC, 00, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, AD, 00, 50 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 85, 00, C3 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 32, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 32, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 35, 01, 50, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[756] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 79, 00, 50, ... ]
.text C:\WINDOWS\system32\services.exe[764] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[764] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070084
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F8F
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070069
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070058
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F4D
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F68
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700DC
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700C1
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F28
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FB6
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070095
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[764] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700B0
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 26, 88 ]
.text C:\WINDOWS\system32\services.exe[764] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60F55
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60F66
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60F77
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60F94
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D60F38
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60080
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 00D60EF1
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F02
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D60ED5
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 9D, 00, 50 ]
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 75, 00, C3 ]
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D60065
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D60014
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D60FC3
.text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D60F1D
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D5002F
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D50F97
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D50014
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D50054
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, D8, 00, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, D8, 00, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D50FB2
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F5, 88 ]
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D50FC3
.text C:\WINDOWS\system32\lsass.exe[776] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, DB, 00, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[776] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\lsass.exe[776] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, C5, 00, 50, ... ]
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006F000A
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E0000A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E0006F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E00F7A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E00F97
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E00FA8
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E00040
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E000AC
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E00091
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 02E000DC
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E00F38
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02E000F7
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02E00FB9
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02E00FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, AE, 00, 50 ]
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 86, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02E00080
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02E00FD4
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02E00025
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02E00F49
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02DE0FCA
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02DE0F83
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02DE0025
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02DE0000
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02DE0FA8
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02DE0FEF
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 55, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 55, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02DE004A
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02DE0FB9
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 58, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02DC0FEF
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02DF0FE5
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02DF000A
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02DF001B
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02DF0036
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[1004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A1000A
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[1004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A2000A
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01240FEF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01240FA8
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0124009D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01240076
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0124005B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01240040
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012400E4
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012400D3
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0124012E
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01240F8B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01240F7A
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01240FC3
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0124000A
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 012400C2
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01240FD4
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0124001B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 012400FF
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01220FD4
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01220076
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0122001B
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0122000A
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01220065
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01220FE5
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01220FC3
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 42, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01220040
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01230FEF
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 0123000A
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01230FCA
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01230FB9
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A9000A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AA000A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 46, 01, 50, ... ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 47, 01, 50 ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 33, 01, C3 ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, E0, 00, 50, ... ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, E0, 00, 50, ... ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, E3, 00, 50, ... ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] WS2_32.dll!send 71AB4C27 10 Bytes [ 58, 68, 27, 4C, D3, 00, 50, ... ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1100] WS2_32.dll!send + B 71AB4C32 2 Bytes [ 01, C3 ]
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F3000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F4000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01150000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01150078
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01150067
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01150056
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01150F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01150FAF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01150F68
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011500B0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01150F46
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01150F57
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01150F21
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01150F9E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01150FDB
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01150089
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01150FC0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01150011
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 011500CB
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01140F9E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01140033
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01140FAF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01140FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01140022
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01140FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01140011
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01140000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01120FEF
.text C:\Program Files\QuickTime\QTTask.exe[1152] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009E000A
.text C:\Program Files\QuickTime\QTTask.exe[1152] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 5C, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 5D, 01, 50 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 29, 01, C3 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 6D, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 6D, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 6D, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 6D, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 6D, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 6D, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 6E, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 6E, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 6F, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 6F, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 6F, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 70, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 74, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 84, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 84, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 87, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] USER32.dll!PeekMessageW 7E41929B 13 Bytes [ 58, 68, 9B, 92, 79, 01, 50, ... ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1164] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 4C, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03F3000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03F300B8
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03F300A7
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03F3008A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03F30FCD
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03F30065
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03F30F8B
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03F30FA8
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 03F30102
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03F30F69
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03F30113
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03F30FDE
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03F3001B
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 32, 01, 50 ]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 86, 00, C3 ]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03F300D3
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03F30040
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03F30FEF
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03F30F7A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03F1001B
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03F10F79
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03F1000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03F10FD4
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03F10036
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03F10FEF
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 63, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 63, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 03F10F94
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 11, 8C ]
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03F10FAF
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 66, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WS2_32.dll!socket 71AB4211 3 Bytes JMP 03370000
.text C:\WINDOWS\System32\svchost.exe[1192] WS2_32.dll!socket + 4 71AB4215 1 Byte [ 91 ]
.text C:\WINDOWS\System32\svchost.exe[1192] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 21, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 42, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 42, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 42, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 42, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 42, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 03F20FEF
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 42, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 03F20FD4
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03F20FB9
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 43, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 43, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 44, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 44, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 44, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 45, 01, 50, ... ]
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 03F20FA8
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 49, 01, 50, ... ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006E000A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D3000A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00D4000A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, CA, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, CB, 02, 50 ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, A7, 02, C3 ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 0E, 03, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 0E, 03, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 11, 03, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, DB, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, DB, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, DB, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, DB, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, DB, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, DB, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, DC, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, DC, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, DD, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, DD, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, DD, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, DE, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, E2, 02, 50, ... ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1296] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, BC, 02, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01040000
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01040FAC
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010400A1
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01040084
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01040069
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0104003D
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01040F7B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010400C3
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 010400F9
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01040F60
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01040F44
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0104004E
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0104001B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, AE, 00, 50 ]
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 86, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010400B2
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0104002C
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01040FE5
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010400DE
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01020FAF
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01020F68
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01020FCA
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01020F79
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01020FE5
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 0C, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 0C, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01020F94
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 22, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0102001B
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 0F, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01030000
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01030FE5
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01030FD4
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01030FC3
.text C:\RescueMe\r.exe[1364] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009F000A
.text C:\RescueMe\r.exe[1364] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A0000A
.text C:\Program Files\Messenger\msmsgs.exe[1380] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B0000A
.text C:\Program Files\Messenger\msmsgs.exe[1380] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B1000A
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02270FEF
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02270067
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0227004C
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02270F72
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0227002F
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02270014
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0227009F
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02270082
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 02270F10
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02270F2B
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 022700C5
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02270F8D
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02270FCA
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, D5, 00, 50 ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 9B, 00, C3 ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02270F57
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02270F9E
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02270FB9
.text C:\Program Files\Messenger\msmsgs.exe[1380] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02270F46
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02250025
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02250F7C
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02250FD4
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02250FE5
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02250F8D
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02250000
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 1C, 01, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 1C, 01, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02250FA8
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 45, 8A ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02250FB9
.text C:\Program Files\Messenger\msmsgs.exe[1380] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 1F, 01, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] USER32.dll!PeekMessageW 7E41929B 11 Bytes [ 58, 68, 9B, 92, F1, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] USER32.dll!PeekMessageW + C 7E4192A7 1 Byte [ C3 ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01720FEF
.text C:\Program Files\Messenger\msmsgs.exe[1380] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, C6, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, E5, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, E5, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, E5, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, E5, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, E5, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02260FEF
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, E5, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 0226000A
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02260FDE
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, E6, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, E6, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, E7, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, E7, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, E7, 00, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes CALL D871E915
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02260FC3
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetErrorDlg 780DC93B 4 Bytes [ 58, 68, 3B, C9 ]
.text C:\Program Files\Messenger\msmsgs.exe[1380] WININET.dll!InternetErrorDlg + 5 780DC940 8 Bytes [ 00, 50, 68, 60, 5A, 9B, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\ctfmon.exe[1428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\ctfmon.exe[1428] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, DA, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, DB, 00, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, A0, 00, C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F5, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F8, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[1428] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, CC, 00, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0095000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0096000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 1A, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 1B, 01, 50 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, CA, 00, C3 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 38, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 38, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 3B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 0C, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 2B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 2B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 2B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 2B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 2B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 2B, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 2C, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 2C, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 2D, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 2D, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 2D, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 2E, 01, 50, ... ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1444] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 32, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F77
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC0062
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0051
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0F9E
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0FCA
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0091
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F4B
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC0F13
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC00AC
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00FC0EF8
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00FC0FAF
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FC001B
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00FC0F5C
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00FC0F2E
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EC0047
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EC0062
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EC0FAF
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00EC0FCA
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 0C, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EC0FDB
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00ED0011
.text C:\WINDOWS\system32\svchost.exe[1504] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00ED0FC0
.text C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[1524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0098000A
.text C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[1524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0099000A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009C000A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009D000A
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 21, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 22, 03, 50 ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, EE, 02, C3 ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, E4, 02, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 3F, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 3F, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 42, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 32, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 32, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 32, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 32, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 32, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 32, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 33, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 33, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 34, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 34, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 34, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 35, 03, 50, ... ]
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1596] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 39, 03, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0094000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0095000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 43, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 44, 01, 50 ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 10, 01, C3 ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 71, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 71, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 74, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 04, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 54, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 54, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 54, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 54, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 54, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 54, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 55, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 55, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 56, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 56, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 56, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 57, 01, 50, ... ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 5B, 01, 50, ... ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 012D000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 012E000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, FA, 00, 50, ... ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, FB, 00, 50 ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, BA, 00, C3 ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 0B, 01, 50, ... ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 0B, 01, 50, ... ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1644] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 0E, 01, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, C4, 00, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, C5, 00, 50 ]
.text C:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 9D, 00, C3 ]
.text C:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F3, 00, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F3, 00, 50, ... ]
.text C:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F6, 00, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1708] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0070000A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 008A000A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 008B000A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 53, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 54, 02, 50 ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 1D, 02, C3 ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 45, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 71, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 71, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 74, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 64, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 64, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 64, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 64, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 64, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 64, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 65, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 65, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 66, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 66, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 66, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 67, 02, 50, ... ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1748] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 6B, 02, 50, ... ]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[1796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AC000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[1796] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AD000A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006C000A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1840] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\alg.exe[1904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0072000A
.text C:\WINDOWS\System32\alg.exe[1904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\alg.exe[1904] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 9C, 00, 50, ... ]
.text C:\WINDOWS\System32\alg.exe[1904] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 9D, 00, 50 ]
.text C:\WINDOWS\System32\alg.exe[1904] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 75, 00, C3 ]
.text C:\WINDOWS\System32\alg.exe[1904] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F5, 00, 50, ... ]
.text C:\WINDOWS\System32\alg.exe[1904] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F5, 00, 50, ... ]
.text C:\WINDOWS\System32\alg.exe[1904] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F8, 00, 50, ... ]
.text C:\WINDOWS\System32\alg.exe[1904] WS2_32.dll!send 71AB4C27 13 Bytes CALL 22139C2C
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 008C000A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 008D000A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, 04, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, 05, 03, 50 ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, E1, 02, C3 ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 22, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 22, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 25, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, F4, 02, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!HttpOpenRequestA 78064341 13 Bytes [ 58, 68, 41, 43, 15, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetConnectA 7806499A 13 Bytes [ 58, 68, 9A, 49, 15, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!HttpOpenRequestW 78065D62 13 Bytes [ 58, 68, 62, 5D, 15, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetReadFile 7806ABB4 13 Bytes [ 58, 68, B4, AB, 15, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetQueryDataAvailable 7806ADF5 13 Bytes [ 58, 68, F5, AD, 15, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!HttpSendRequestA 7806CD40 13 Bytes [ 58, 68, 40, CD, 15, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetWriteFile 78073645 13 Bytes [ 58, 68, 45, 36, 16, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!CommitUrlCacheEntryA 7807FC0A 13 Bytes [ 58, 68, 0A, FC, 16, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!HttpSendRequestW 78080825 13 Bytes [ 58, 68, 25, 08, 17, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetReadFileExW 78082AAA 13 Bytes [ 58, 68, AA, 2A, 17, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetReadFileExA 78082AE2 13 Bytes [ 58, 68, E2, 2A, 17, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!CommitUrlCacheEntryW 78099910 13 Bytes [ 58, 68, 10, 99, 18, 03, 50, ... ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1952] WININET.dll!InternetErrorDlg 780DC93B 13 Bytes [ 58, 68, 3B, C9, 1C, 03, 50, ... ]
.text C:\Program Files\Apoint2K\Apntex.exe[2000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0093000A
.text C:\Program Files\Apoint2K\Apntex.exe[2000] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0094000A
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[2076] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A1000A
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[2076] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A2000A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0086000A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2124] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0087000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2180] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006E000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2180] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006F000A
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0093000A
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0094000A
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] kernel32.dll!CreateProcessW 7C802336 13 Bytes [ 58, 68, 36, 23, E0, 01, 50, ... ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, E1, 01, 50 ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 40, 01, C3 ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, F1, 01, 50, ... ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, F1, 01, 50, ... ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, F4, 01, 50, ... ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[2384] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, 57, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01450000
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01450F66
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01450F81
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0145005B
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0145004A
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0145002F
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01450F24
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0145006C
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreateProcessW 7C802336 13 Bytes JMP 01450EF8
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01450F09
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 014500A2
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01450FA8
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01450FEF
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!ExitProcess 7C81CAFA 7 Bytes [ 58, 68, FA, CA, BC, 00, 50 ]
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!ExitProcess + 8 7C81CB02 5 Bytes [ C0, 5C, 86, 00, C3 ]
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01450F4B
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01450FCD
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01450FDE
.text C:\WINDOWS\system32\svchost.exe[2400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01450087
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0F8A
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 13 Bytes [ 58, 68, DD, 9F, 02, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!CryptImportKey 77DEA1D1 13 Bytes [ 58, 68, D1, A1, 02, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[2400] ADVAPI32.dll!CryptGenKey 77E117D9 13 Bytes [ 58, 68, D9, 17, 05, 01, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[2400] WS2_32.dll!send 71AB4C27 13 Bytes [ 58, 68, 27, 4C, DF, 00, 50, ... ]
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01440FEF
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01440014
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01440025
.text C:\WINDOWS\system32\svchost.exe[2400] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01440FD4
.text C:\Program Files\iPod\bin\iPodService.exe[3748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0073000A
.text C:\Program Files\iPod\bin\iPodService.exe[3748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0074000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[3892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009E000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[3892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009F000A
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\UACjnbdmppp.sys (*** hidden *** ) AAF50000-AAF63000 (77824 bytes)
---- Processes - GMER 1.0.14 ----
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [168] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [312] 0x00CA0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [352] 0x00830000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe [444] 0x009C0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\McAfee\VirusScan\McShield.exe [460] 0x00700000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxtray.exe [516] 0x009D0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [528] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [540] 0x00B70000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\AGRSMMSG.exe [564] 0x00A20000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Apoint2K\Apoint.exe [584] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [596] 0x00BE0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [616] 0x00A40000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [648] 0x009A0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [684] 0x00910000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [720] 0x00670000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [756] 0x00A20000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [764] 0x00670000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [776] 0x008D0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\HPQ\SHARED\HPQWMI.exe [892] 0x00710000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [1004] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1044] 0x00710000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [1100] 0x00AB0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [1108] 0x00F50000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\QuickTime\QTTask.exe [1152] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1164] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1192] 0x00710000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1220] 0x006F0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\McAfee.com\Agent\mcagent.exe [1296] 0x00D50000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1344] 0x009D0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\RescueMe\r.exe [1364] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [1380] 0x00CC0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1428] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [1444] 0x00970000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1504] 0x00710000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [1524] 0x009A0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [1596] 0x009E0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [1620] 0x00960000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Logitech\SetPoint\SetPoint.exe [1644] 0x012F0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1696] 0x00B40000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1708] 0x00710000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [1748] 0x008C0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [1796] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Common Files\LightScribe\LSSrvc.exe [1840] 0x006E0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [1904] 0x008C0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [1952] 0x008E0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Apoint2K\Apntex.exe [2000] 0x00950000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe [2076] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2124] 0x00880000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2180] 0x00700000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE [2384] 0x00950000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2400] 0x009D0000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3748] 0x00750000
Library \\?\globalroot\systemroot\system32\UACjsjykopu.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe [3892] 0x00A00000
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\UACjnbdmppp.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACjnbdmppp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACjnbdmppp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACppnvvuoo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACjpsalisv.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACdjecoiwy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxrqwwyjt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjsjykopu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACoddwwbdb.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACixmaqgwe.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACpurfiymj.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACjnbdmppp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACjnbdmppp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACppnvvuoo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACjpsalisv.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACdjecoiwy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxrqwwyjt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjsjykopu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACoddwwbdb.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACixmaqgwe.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACpurfiymj.log
---- EOF - GMER 1.0.14 ----
Yes, there is a rootkit.
Let's see if you can do this:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
...off to see the wizard! I will post back soon!
ComboFix 09-02-28.01 - Patty 2009-03-01 9:30:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.639 [GMT -8:00]
Running from: c:\documents and settings\Patty\Desktop\d.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\UACjnbdmppp.sys
c:\windows\system32\UACdjecoiwy.dll
c:\windows\system32\UACixmaqgwe.log
c:\windows\system32\UACjpsalisv.dat
c:\windows\system32\UACjsjykopu.dll
c:\windows\system32\UACoddwwbdb.log
c:\windows\system32\UACppnvvuoo.dll
c:\windows\system32\UACpurfiymj.log
c:\windows\system32\UACxrqwwyjt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-03-01 07:14 . 2009-03-01 09:13 <DIR> d-------- C:\RescueMe
2009-03-01 07:08 . 2009-03-01 07:08 5,516 --a------ c:\windows\system32\uacinit.dll
2009-02-28 22:13 . 2009-02-28 22:13 <DIR> d-------- c:\documents and settings\Patty\Application Data\Malwarebytes
2009-02-28 21:58 . 2009-02-28 22:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 21:58 . 2009-02-28 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 21:58 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 21:58 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 21:07 . 2005-08-01 22:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-02-28 21:07 . 2005-08-01 22:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-28 21:07 . 2009-02-28 21:07 <DIR> d-------- c:\documents and settings\Administrator
2009-02-28 20:58 . 2009-02-28 21:05 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-28 18:42 . 2009-02-28 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-19 21:40 . 2009-02-19 22:41 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-10 22:33 . 2009-02-10 22:33 <DIR> d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-04 23:20 . 2009-02-04 23:21 <DIR> d-------- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 05:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-08 00:27 --------- d-----w c:\program files\Google
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-18 05:07 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-07-18 05:27 0 ----a-w c:\program files\temp01
2008-03-03 05:06 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-08-21 22:58 236 ----a-w c:\documents and settings\Patty\Application Data\wklnhst.dat
2006-03-17 01:03 774,144 ----a-w c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-10 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"rundll32.exe"="c:\documents and settings\Patty\Application Data\Macromedia\Common\7ab9a0301.dll" [2009-02-28 64512]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-11-07 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 8192]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"rundll32.exe"="c:\documents and settings\LocalService\Application Data\Macromedia\Common\7ab9a0301.dll" [2009-02-28 64512]
c:\documents and settings\Hallie\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-01-10 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-10 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-04-21 450560]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"wave1"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"aux1"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"mixer1"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"midi2"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"wave2"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"aux2"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
"mixer2"= c:\docume~1\Patty\APPLIC~1\MACROM~1\Common\7ab9a0301.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 pciinfo;HP Pci Information;\??\c:\docume~1\Patty\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Patty\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-09-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -
BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.democracytalking.org/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 09:36:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????????????????????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-01 9:39:48
ComboFix-quarantined-files.txt 2009-03-01 17:38:59
Pre-Run: 58,769,580,032 bytes free
Post-Run: 65,341,710,336 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
175 --- E O F --- 2009-03-01 06:05:39
Sorry for the delay, I didn't get an email notification.
Please also post a fresh HijackThis log :)
Due to the lack of feedback this Topic is closed.