-
Malware Removal Problems
Hi, I'm having some technical issues that I'm hoping someone here can help me with.
I'm running Windows XP on a Dell Inspiron 8600. I have McAfee on my computer which has told me that I have a Trojan named Vundo on my machine (that it can't remove).
I did a little bit of research and what I have kind of sounds like Vundo. I can't click on links when I search for stuff on Google or Yahoo or I get sent to some weird 3rd party site that it's the link I clicked. iExplorer will also sometimes run in the background and show ads or play weird audio files.
I downloaded VundoFix and tried to get rid of it with that, but the program did now find any instances of Vundo.
I read the information that has been posted on this forum and tried to download both Spybot and HiJack this, but once I download them I can't get them to open... I looked into this a little bit and brought up my Task List and it shows that those files are running, but I can't get their windows to open or anything.
Can someone help me out here and get me started on the road so I can grab a HiJack this report and start to figure out what's wrong with my machine?
Thanks.
Sorry... typo... that should read that VundoFix did NOT find any instances of Vundo.
-
Hi,
Download DDS and save it to your desktop from here or here or here.
- Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
  - DDS.txt
  - Attach.txt
- Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it to your desktop:
- Double-click .exe that you downloaded
- Click rootkit-tab and then scan.
- Don't check Show All box while scanning in progress!
- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log in your reply.
-
Thanks for the response. Attached are the DDS reports. I'm having issues attaching the GMER. I get the error message that "Your file of 106.8 KB bytes exceeds the forum's limit of 48.8 KB for this filetype." and when I try to just cut and paste it here I get the message that "The text that you have entered is too long (109586 characters). Please shorten it to 64000 characters long."
Please advise. Thanks.
-
On second thought, I split the GMER into two responses below... Let me know if there's a different way you'd like me to get it to you.
.text C:\Program Files\Java\jre6\bin\jusched.exe[1336] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00F2000A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1400] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CC000A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1400] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CD000A
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CF000A
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D0000A
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F37
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70F48
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F6F
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70F80
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70011
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F0B
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70047
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70093
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70EFA
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70EDF
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F7002C
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F1C
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70078
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50025
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50047
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F8A
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F50036
.text C:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50FB9
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F40FC1
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F40042
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F40FD2
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F40000
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F40027
.text C:\WINDOWS\System32\svchost.exe[1448] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F40FE3
.text C:\WINDOWS\System32\svchost.exe[1448] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D10000
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00F60FDE
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00F60FCD
.text C:\WINDOWS\System32\svchost.exe[1448] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00F60014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D0000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1644] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008F000A
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BA000A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1812] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CE000A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[1812] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\ZCfgSvc.exe[2012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0131000A
.text C:\WINDOWS\system32\ZCfgSvc.exe[2012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0132000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A6000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A7000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022D0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 022D0F81
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 022D006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 022D0F92
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 022D005B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 022D0040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 022D0F70
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 022D00B8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 022D0F3A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 022D0F5F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 022D00F8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 022D0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 022D000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 022D0091
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 022D002F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 022D0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 022D00DD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 022B0FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 022B0F6F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 022B0FD1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 022B0011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 022B0F80
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 022B0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 022B002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 022B0FA5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 022A0F9C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] msvcrt.dll!system 77C293C7 5 Bytes JMP 022A0027
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 022A0FD2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 022A0FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 022A0FB7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 022A000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02290FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 022C0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 022C0FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 022C0FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2100] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 022C0FB2
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[2256] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008A000A
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[2256] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008B000A
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0082000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D0000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2484] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D1000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AA000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AB000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01750000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01750F74
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01750F8F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01750069
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01750FAC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01750FC7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0175008E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01750F52
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017500BA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017500A9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 017500CB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01750058
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01750011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01750F63
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0175003D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0175002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01750F2B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0173000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0173003D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01730FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01730FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0173002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01730FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01730F8A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [93, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0173001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01720FA6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] msvcrt.dll!system 77C293C7 5 Bytes JMP 01720FB7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01720FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01720000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01720FC8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0172001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01710FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 01740000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 0174001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 01740036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2512] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 01740FDB
.text C:\WINDOWS\System32\RegSrvc.exe[2652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\RegSrvc.exe[2652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AD000A
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01330FEF
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01330F3D
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01330028
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01330F5A
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01330F75
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01330FAB
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01330F07
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01330F18
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01330EF6
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0133008F
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013300AA
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01330F86
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01330FDE
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01330043
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01330FBC
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01330FCD
.text C:\WINDOWS\System32\svchost.exe[2788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0133006A
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FB2
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F61
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0F7C
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF001E
.text C:\WINDOWS\System32\svchost.exe[2788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FA1
.text C:\WINDOWS\System32\svchost.exe[2788] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0038
.text C:\WINDOWS\System32\svchost.exe[2788] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0FAD
.text C:\WINDOWS\System32\svchost.exe[2788] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD001D
.text C:\WINDOWS\System32\svchost.exe[2788] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0000
.text C:\WINDOWS\System32\svchost.exe[2788] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FC8
.text C:\WINDOWS\System32\svchost.exe[2788] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0FE3
.text C:\WINDOWS\System32\svchost.exe[2788] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC000A
.text C:\WINDOWS\System32\svchost.exe[2788] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 01320FEF
.text C:\WINDOWS\System32\svchost.exe[2788] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 01320FDE
.text C:\WINDOWS\System32\svchost.exe[2788] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 01320FCD
.text C:\WINDOWS\System32\svchost.exe[2788] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 01320FBC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B2000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00A52306 c:\windows\system32\gasesowo.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C52230
.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C52070
.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C52050
.text C:\Program Files\iPod\bin\iPodService.exe[3772] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AD000A
.text C:\Program Files\iPod\bin\iPodService.exe[3772] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AE000A
.text C:\Documents and Settings\whitmyer.BWW-LAP-DEL-069\Desktop\crcdpben.exe[5056] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DB000A
.text C:\Documents and Settings\whitmyer.BWW-LAP-DEL-069\Desktop\crcdpben.exe[5056] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DC000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00EE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00EF000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00290000
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0029006E
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0029005D
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00290F83
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00290F94
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0029002F
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0029007F
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00290F37
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00290F01
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00290F1C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00290EDC
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00290040
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00290FE5
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 015A2306 c:\windows\system32\gasesowo.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00290F54
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00290FB9
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00290FCA
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0029009A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380FB2
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380054
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00380FC3
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380FDE
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380F97
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00380039
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380028
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390FBC
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390047
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390022
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390000
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390FD7
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390011
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C72230
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50FEF
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 015A286C c:\windows\system32\gasesowo.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C72050
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C72030
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WININET.dll!HttpAddRequestHeadersA 7805FB4D 5 Bytes JMP 012D000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 01090FEF
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 01090FD4
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 01090000
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 01090011
.text C:\Program Files\Internet Explorer\Iexplore.exe[6000] WININET.dll!HttpAddRequestHeadersW 780CD14D 5 Bytes JMP 013E000A
-
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [356] 0x00F20000
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1080] 0x03230000
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1188] 0x00C50000
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1232] 0x00C50000
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1292] 0x00C50000
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1448] 0x00C50000
Library \\?\globalroot\systemroot\system32\UACeoawmsbsridvkwo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2788] 0x00C50000
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
-
Hi again,
Please visit this webpage for download links and instructions for running the ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
I can install ComboFix, but I can't get it to open on my computer, just like I couldn't get Spybot to open (whether in normal or safe modes).
Please advise.
-
Ok, false alarm. I re-downloaded ComboFix and was able to run it. I attached one of the files that you requested... When ComboFix finished running, it told me to go to C:\ComboFix to recover the log, but that folder appears empty to me, so I'm not sure if this is all that you need or if there's anything else.
-
Please post fresh dds.txt file contents too (re-run DDS).