Malware & virus problem - HijackThis log pasted


cameocrusader

Hi All,

My computer sometimes opens up new browser windows and redirects to sites like www.epoclick.com or www.google-analytics.com.

I have tried to scan my computer many times but no luck. I have pasted the HijackThis log file below. Please let me know if anyone has faced this problem.

Thanks in advance for the help.

[HJT log removed - Broni]
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Log files pasted

Thanks a lot for the response Broni. I have pasted all the log files below. One other question: how do I find out if my home network is also affected by this malware or virus? I ask because another laptop on my wireless network has also started to open browser windows going to epoclick.com.

Thanks a lot for your time and help.

Malwarebytes Log:
-----------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/17/2010 10:44:10 PM
mbam-log-2010-11-17 (22-44-10).txt

Scan type: Quick scan
Objects scanned: 127864
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER log

GMER log:
----------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 07:38:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK8032GSX rev.AS111G
Running: vt1fwi92.exe; Driver: C:\DOCUME~1\KAUSHI~1\LOCALS~1\Temp\fxlirpoc.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E90DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E90DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E90DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E90E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E90D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E90D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E90D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E90DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E90E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E90E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E90E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E90E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E90E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9E90E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP B9E90E4A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP B9E90E60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6040 5 Bytes JMP B9E90E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP B9E90D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP B9E90D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CAA 5 Bytes JMP B9E90E74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP B9E90E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D66 7 Bytes JMP B9E90DDE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A344 5 Bytes JMP B9E90DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7E0 7 Bytes JMP B9E90DC8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A9B0 7 Bytes JMP B9E90DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B722 5 Bytes JMP B9E90DA0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AD0000
.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD0FC0
.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD0FDB
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AF0FEF
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01AF0F5A
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01AF0F75
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01AF0F86
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01AF0F97
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01AF0FC3
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01AF007D
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01AF0F35
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01AF0EE4
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AF0EFF
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01AF0098
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01AF0FA8
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AF0014
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01AF0060
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01AF0FD4
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01AF0025
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01AF0F10
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01AE002F
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01AE0065
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01AE000A
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01AE0FDE
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01AE0FA8
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01AE0FEF
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01AE0FC3
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CE, 89]
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01AE0040
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 014B0FD4
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!system 77C293C7 5 Bytes JMP 014B0069
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014B0029
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014B0FEF
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 014B0044
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014B000C
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 013E0FEF
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 013E000A
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 013E0031
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 013E0042
.text C:\WINDOWS\Explorer.EXE[264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012C0FEF
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00740FCA
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078008A
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F8B
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F9C
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0078005B
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F69
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007800B1
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800EE
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800DD
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800FF
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FB9
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F7A
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800CC
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770022
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0077005F
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770011
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770F98
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00770044
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770033
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760FB4
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!system 77C293C7 5 Bytes JMP 0076003F
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0076002E
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760FD9
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0076001D
.text C:\WINDOWS\system32\svchost.exe[292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00990FD4
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A10084
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A10069
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A10F9B
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A10058
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A100C1
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A100B0
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A10F4A
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A100ED
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A10F39
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A10047
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A10FD4
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A1009F
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A100DC
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0036
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0F8D
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009C0FB9
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BC, 88]
.text C:\WINDOWS\system32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0FA6
.text C:\WINDOWS\system32\svchost.exe[600] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0FB7
.text C:\WINDOWS\system32\svchost.exe[600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B001D
.text C:\WINDOWS\system32\svchost.exe[600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B000C
.text C:\WINDOWS\system32\svchost.exe[600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0FC8
.text C:\WINDOWS\system32\svchost.exe[600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02B70FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02B70FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B7000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02BB0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02BB0F69
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02BB005E
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02BB0F84
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02BB0FA1
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02BB0FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02BB0094
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02BB0F4E
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02BB0F16
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02BB00AF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02BB00CA
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02BB0FB2
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02BB0014
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02BB0079
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02BB002F
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02BB0FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02BB0F31
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02BA0FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 02BA0F97
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 02BA0FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 02BA0FDB
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02BA004A
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02BA0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 2 Bytes JMP 02BA0FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegCreateKeyW + 3 77DFBA58 2 Bytes [DA, 8A]
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02BA0025
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 02B90F9C
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 02B9001D
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 02B90FC1
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 02B90FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 02B9000C
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 02B90FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[644] WS2_32.dll!socket 02354211 5 Bytes JMP 02B80000
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A90FE5
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A9005B
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A9004A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A90F70
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A90F8D
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A90025
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A90087
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A90F3F
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A90EF8
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A90F13
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A900AC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A90F9E
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A90FCA
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A90076
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A90FAF
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A90F24
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A80FC3
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A8002F
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A80F7C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A80F8D
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C8, 88]
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A80FB2
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A70F92
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A7001D
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FC8
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70FB7
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00A6002E
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00A6003F
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\services.exe[1440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1440] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0077006E
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770F79
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770053
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770F8A
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770FB6
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F39
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0077008B
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F28
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007700C1
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007700E6
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770F9B
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00770F5E
 
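The GMER log above (and its continuation in the next post) mixes two very different kinds of entries: kernel hooks that GMER attributes to a named driver (mfehidk.sys, McAfee's own), and user-mode inline hooks in Explorer, svchost, services.exe, lsass.exe and sqlservr.exe whose JMP targets (00AD0000, 01AF0FEF, 00BA0000, ...) GMER could not map to any loaded module. The following script is an added example for triaging such a log; it is not part of the original thread and not a GMER or TechSpot tool. It parses the three line shapes GMER prints (SSDT entries, kernel inline hooks, per-process user-mode hooks), separates hooks with a module attribution from those without, tags what each hooked API set intercepts, and reports which APIs are hooked in every affected process. The sample lines are copied from the posted log; the API grouping table is the example's own assumption, and an "unattributed" hook is a lead to investigate, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the GMER log posted in this thread, one or
# two per shape the parser handles (SSDT entry, kernel inline hook, user-mode
# inline hook with and without a module attribution, split two-byte patch).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E90DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP B9E90D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AD0000
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01AF0EE4
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01AE0FC3
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CE, 89]
.text C:\WINDOWS\Explorer.EXE[264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012C0FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F10F35
"""

# "Code <driver> (<description>) <syscall> [0x<handler>]"  -- SSDT table entries
SSDT_RE = re.compile(
    r"^Code (?P<owner>\S+ \([^)]*\)) (?P<func>\w+)(?: \[0x(?P<target>[0-9A-F]+)\])?$")
# "PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP B9E90D78 <driver> (<desc>)"
KERNEL_RE = re.compile(
    r"^(?:\.text|PAGE|INIT) (?P<mod>\S+)!(?P<func>\S+) (?P<addr>[0-9A-F]{8}) "
    r"(?P<nbytes>\d+) Bytes JMP (?P<target>[0-9A-F]{8})(?: (?P<owner>.+))?$")
# ".text <process>[<pid>] <dll>!<func>[ + off] <addr> <n> Bytes <JMP ...|[bytes]>"
USER_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+)"
    r"(?: \+ (?P<off>\d+))? (?P<addr>[0-9A-F]{8}) (?P<nbytes>\d+) Bytes (?P<rest>.+)$")
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-F]{8})(?: (?P<owner>.+))?$")

# Assumed grouping of hooked APIs by what they let a hook intercept (example's own).
API_CLASSES = {
    "process": {"NtCreateProcess", "CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem"},
    "file": {"NtCreateFile", "CreateFileA", "CreateFileW", "_open", "_wopen", "_creat", "_wcreat"},
    "registry": {"RegOpenKeyA", "RegOpenKeyW", "RegOpenKeyExA", "RegOpenKeyExW",
                 "RegCreateKeyA", "RegCreateKeyW", "RegCreateKeyExA", "RegCreateKeyExW"},
    "network": {"socket", "InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW"},
    "loader": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"},
    "memory": {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"},
    "ipc": {"CreatePipe", "CreateNamedPipeA", "CreateNamedPipeW"},
}


@dataclass
class Hook:
    scope: str              # "ssdt", "kernel" or "user"
    process: str            # "<kernel>" for kernel-side entries
    pid: Optional[int]
    func: str               # e.g. "kernel32.dll!CreateProcessW"
    target: Optional[str]   # hook handler address, if GMER printed one
    owner: Optional[str]    # module GMER attributed the handler to, if any


def parse_gmer(text):
    """Turn the hook sections of a GMER log into Hook records."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue
        m = USER_RE.match(line)
        if m:
            j = JMP_RE.match(m["rest"])
            if j is None:   # trailing bytes of a split patch ("[CE, 89]"); JMP was on the previous line
                continue
            hooks.append(Hook("user", m["proc"], int(m["pid"]), f"{m['mod']}!{m['func']}",
                              j["target"], j["owner"]))
            continue
        m = KERNEL_RE.match(line)
        if m:
            hooks.append(Hook("kernel", "<kernel>", None, f"{m['mod']}!{m['func']}",
                              m["target"], m["owner"]))
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("ssdt", "<kernel>", None, m["func"], m["target"], m["owner"]))
    return hooks


def triage(hooks):
    """Split hooks GMER attributed to a named module from hooks whose target it
    could not map to any module; the latter are grouped per process[pid]."""
    attributed = defaultdict(set)      # owner -> hooked functions
    unattributed = defaultdict(set)    # "process[pid]" -> hooked functions
    for h in hooks:
        if h.owner:
            attributed[h.owner].add(h.func)
        else:
            key = f"{h.process}[{h.pid}]" if h.pid is not None else h.process
            unattributed[key].add(h.func)
    return attributed, unattributed


def capabilities(funcs):
    """Which API classes a set of hooked functions lets the hook owner intercept."""
    names = {f.split("!", 1)[-1] for f in funcs}
    return sorted(cls for cls, apis in API_CLASSES.items() if names & apis)


def shared_hooks(unattributed):
    """APIs hooked in every process carrying unattributed hooks: one API set
    recurring across unrelated processes points at a single injected component."""
    sets = list(unattributed.values())
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    attributed, unattributed = triage(parse_gmer(SAMPLE_LOG))
    for owner, funcs in attributed.items():
        print(f"attributed to {owner}: {len(funcs)} hook(s)")
    for proc, funcs in unattributed.items():
        print(f"UNATTRIBUTED in {proc}: {sorted(funcs)} -> {capabilities(funcs)}")
    print("hooked in every affected process:", sorted(shared_hooks(unattributed)))
```

Run against the full log, the McAfee entries fall out as attributed (a security product hooking ZwOpenProcess, ZwSetValueKey and friends from its own driver is what its self-protection looks like), while the per-process user-mode hooks on process creation, file and registry access, library loading, memory protection and sockets all land in unattributed memory and share the same API set across Explorer, svchost, services.exe, lsass.exe and sqlservr.exe. That is the pattern a practitioner would pull out of this log for the next step: dumping and identifying the code at those JMP targets rather than trusting a scanner that reports nothing, as the Malwarebytes quick scan above did.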
GMER Log (continued)

.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0077002C
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770FDB
.text C:\WINDOWS\system32\services.exe[1440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0077009C
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060FC8
.text C:\WINDOWS\system32\services.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060049
.text C:\WINDOWS\system32\services.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060038
.text C:\WINDOWS\system32\services.exe[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0006001D
.text C:\WINDOWS\system32\services.exe[1440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F1007D
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F1006C
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F1005B
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F10FA8
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F10FD4
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F10F61
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F100A9
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F10F35
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F10F46
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F10F1A
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F10FB9
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F10011
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F10098
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F10040
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F100C4
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F00F8D
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F00FA8
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F00040
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EF0025
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EF0FA4
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EF0FB5
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EF0FE3
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EF0FD2
.text C:\WINDOWS\system32\lsass.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F88
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F6007D
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60062
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60051
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60025
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F600BF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60F6D
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600FC
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F600EB
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F3E
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60036
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60098
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60FC3
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F600DA
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AD005B
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AD0FCA
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AD0040
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AD0025
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AD0087
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CD, 88] {INT 0x88}
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AD0076
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AC0053
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AC0042
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AC0027
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AC000C
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AC0FD2
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AC0FE3
.text C:\WINDOWS\system32\svchost.exe[1632] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A00FD1
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A00011
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40065
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40054
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F7C
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F8D
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F3A
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40080
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40F04
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A4009D
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40EE9
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40FA8
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F55
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40F1F
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A3004A
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F9E
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30025
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30065
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A30FC3
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 88]
.text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30FDE
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20F8B
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20F9C
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FD2
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A2000C
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FAD
.text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20FE3
.text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A10000
.text C:\Program Files\Mozilla Firefox\firefox.exe[1812] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\System32\svchost.exe[1900] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02940FEF
.text C:\WINDOWS\System32\svchost.exe[1900] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02940014
.text C:\WINDOWS\System32\svchost.exe[1900] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02940FDE
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E10000
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E10047
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E10036
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E10F5C
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E10F79
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E10F94
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E10F21
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E10069
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E10F10
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E1009F
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E100BA
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E1001B
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E10FE5
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E10058
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E10FB9
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E10FCA
.text C:\WINDOWS\System32\svchost.exe[1900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E10084
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02E00039
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02E00076
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02E00FDE
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02E00FEF
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02E00FB9
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02E00000
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02E00065
.text C:\WINDOWS\System32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02E0004A
.text C:\WINDOWS\System32\svchost.exe[1900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02A9002A
.text C:\WINDOWS\System32\svchost.exe[1900] msvcrt.dll!system 77C293C7 5 Bytes JMP 02A90F9F
.text C:\WINDOWS\System32\svchost.exe[1900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02A90FC1
.text C:\WINDOWS\System32\svchost.exe[1900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02A90FEF
.text C:\WINDOWS\System32\svchost.exe[1900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02A90FB0
.text C:\WINDOWS\System32\svchost.exe[1900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02A90FD2
.text C:\WINDOWS\System32\svchost.exe[1900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02960000
.text C:\WINDOWS\System32\svchost.exe[1900] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 0297001B
.text C:\WINDOWS\System32\svchost.exe[1900] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 02970000
.text C:\WINDOWS\System32\svchost.exe[1900] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02970038
.text C:\WINDOWS\System32\svchost.exe[1900] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02970053
.text C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20031
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F3C
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F4D
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F5E
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20F9E
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20067
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20056
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200A4
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20093
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C200C9
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20F79
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20F2B
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FAF
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[2240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20078
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C1008E
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10FD1
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C10073
.text C:\WINDOWS\system32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10058
.text C:\WINDOWS\system32\svchost.exe[2240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00F92
.text C:\WINDOWS\system32\svchost.exe[2240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C0001D
.text C:\WINDOWS\system32\svchost.exe[2240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00FD2
.text C:\WINDOWS\system32\svchost.exe[2240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[2240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FAD
.text C:\WINDOWS\system32\svchost.exe[2240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FE3
.text C:\WINDOWS\system32\svchost.exe[2240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[2252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[2252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[2252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F92
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10FA3
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C100BF
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F77
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100FF
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F66
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F4B
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10062
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10098
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FDB
.text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100E4
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F6B
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00F7C
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C00F8D
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0095
.text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF007A
.text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0044
.text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0055
.text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF001D
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2716] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\dllhost.exe[2944] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\dllhost.exe[2944] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\dllhost.exe[2944] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E9001B
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0071
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F7C
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0F8D
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED004A
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0014
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00A7
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0096
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F04
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F1F
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00B8
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FCA
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0F6B
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FA8
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\dllhost.exe[2944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F3A
.text C:\WINDOWS\system32\dllhost.exe[2944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB001E
.text C:\WINDOWS\system32\dllhost.exe[2944] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0F89
.text C:\WINDOWS\system32\dllhost.exe[2944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0FB5
.text C:\WINDOWS\system32\dllhost.exe[2944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\dllhost.exe[2944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0F9A
.text C:\WINDOWS\system32\dllhost.exe[2944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FC6
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0FCA
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC004A
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC001B
 
GMER & DDS logs

.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F8D
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0F9E
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\dllhost.exe[2944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0FB9
.text C:\WINDOWS\system32\dllhost.exe[2944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[620] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[620] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


DDS Log:
-------------


DDS (Ver_10-11-10.01) - NTFSx86
Run by Kaushik S at 7:41:28.37 on Thu 11/18/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.681 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kaushik S\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100612203748.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\kaushik s\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\kaushi~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\kaushi~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kaushi~1\applic~1\mozilla\firefox\profiles\i6lnmstk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\kaushik s\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kaushik s\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\kaushik s\application data\mozilla\firefox\profiles\i6lnmstk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\kaushik s\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kaushik s\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\kaushik s\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-2 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-2 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-2 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-2 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-2 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-2 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-2 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-2 141792]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-2 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-2 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-2 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-2 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-2 88480]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-9-1 226304]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-2 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-2 83496]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-5-1 1120960]

=============== Created Last 30 ================

2010-11-15 04:51:00 -------- d-----w- c:\docume~1\kaushi~1\applic~1\OpenOffice.org
2010-11-15 03:27:37 -------- d-----w- c:\program files\JRE
2010-11-15 03:25:27 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-15 03:24:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-15 03:24:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-15 03:24:30 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-19 16:56:01 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 16:56:01 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 16:56:00 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 16:55:19 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-10-03 19:41:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

============= FINISH: 7:42:51.43 ===============
 
Attach log (for DDS)

Attach log:
----------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/1/2010 7:20:37 PM
System Uptime: 11/17/2010 10:29:12 PM (9 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | N/A | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 44.12 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
J: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP84: 8/13/2010 7:17:56 AM - Software Distribution Service 3.0
RP85: 8/14/2010 10:30:01 AM - System Checkpoint
RP86: 8/15/2010 12:10:45 PM - System Checkpoint
RP87: 8/20/2010 3:53:38 PM - System Checkpoint
RP88: 8/21/2010 6:35:09 PM - System Checkpoint
RP89: 8/22/2010 6:38:15 PM - System Checkpoint
RP90: 8/23/2010 11:58:53 PM - System Checkpoint
RP91: 8/25/2010 1:07:53 AM - System Checkpoint
RP92: 8/25/2010 8:01:31 PM - Restore Operation
RP93: 9/11/2010 4:09:19 PM - Printer Driver PrimoPDF Installed
RP94: 9/11/2010 4:35:33 PM - Installed GMATPrep(TM)
RP95: 9/15/2010 12:53:03 AM - System Checkpoint
RP96: 9/15/2010 7:29:29 AM - Software Distribution Service 3.0
RP97: 9/19/2010 11:41:15 AM - Software Distribution Service 3.0
RP98: 9/23/2010 1:42:23 AM - System Checkpoint
RP99: 9/29/2010 7:33:11 AM - Software Distribution Service 3.0
RP100: 10/3/2010 10:21:13 AM - Installed iTunes
RP101: 10/7/2010 3:00:17 AM - Software Distribution Service 3.0
RP102: 10/8/2010 7:38:01 AM - Software Distribution Service 3.0
RP103: 10/16/2010 11:59:15 PM - System Checkpoint
RP104: 10/18/2010 12:01:38 AM - System Checkpoint
RP105: 10/19/2010 8:39:05 AM - System Checkpoint
RP106: 10/19/2010 10:34:39 PM - Software Distribution Service 3.0
RP107: 10/25/2010 8:14:20 AM - System Checkpoint
RP108: 10/26/2010 10:44:20 AM - System Checkpoint
RP109: 10/28/2010 3:08:04 PM - System Checkpoint
RP110: 11/1/2010 6:53:28 AM - System Checkpoint
RP111: 11/3/2010 7:11:47 PM - Software Distribution Service 3.0
RP112: 11/4/2010 9:10:11 PM - System Checkpoint
RP113: 11/6/2010 11:38:25 AM - System Checkpoint
RP114: 11/7/2010 12:08:42 PM - System Checkpoint
RP115: 11/9/2010 6:25:50 AM - System Checkpoint
RP116: 11/10/2010 6:38:40 AM - Software Distribution Service 3.0
RP117: 11/11/2010 8:34:26 AM - System Checkpoint
RP118: 11/14/2010 9:22:44 PM - Installed Java(TM) 6 Update 20
RP119: 11/14/2010 9:25:16 PM - Installed OpenOffice.org 3.2

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Advanced Video FX Utility
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bewitched (remove only)
Bonjour
Cisco WebEx Meeting Center for Internet Explorer
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.30
Click to DVD Tutorial
Creative Photo Manager
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
DISCover
DVgate Plus
Facebook Plug-In
GMATPrep(TM)
Google Chrome
Google Talk (remove only)
Google Talk Plugin
GoToMeeting 4.5.0.457
GRE POWERPREP
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Converter 2 Plus
ImageStation
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 20
JEOPARDY! (remove only)
LAN Setting Utility
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
magicJack
Malwarebytes' Anti-Malware
McAfee Internet Security
mCore
mDriver
MediaRing Talk
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
Move Media Player
Mozilla Firefox (3.6.12)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
Napster
Napster Burn Engine
Octoshape add-in for Adobe Flash Player
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.5.01
OpenOffice.org 3.2
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Search Enhancement by AOL Search
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Setting Utility Series
SightSpeed
Skype Toolbars
Skype™ 4.2
Soft Data Fax Modem with SmartCP
Sonic Encoders
SonicStage 4.0
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
SopCast 3.2.9
Symantec KB-DocID:2003093015493306
TeamViewer 5
The Da Vinci Code (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Word 2007 (KB974631)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Backup Utility
VAIO Breeze Wallpaper
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Media Tutorial
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
Veetle TV 0.9.17
Veoh Web Player
VLC media player 1.0.5
WebEx
WebFldrs XP
Wheel of Fortune (remove only)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Wireless Switch Setting Utility
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/17/2010 10:25:04 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:02 PM, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:02 PM, error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:02 PM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:02 PM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:02 PM, error: Service Control Manager [7034] - The SonicStageMonitoring service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:01 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:01 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:01 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/17/2010 10:25:01 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/17/2010 10:25:01 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/17/2010 10:25:01 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/17/2010 10:25:01 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/17/2010 10:25:01 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/17/2010 10:25:00 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:00 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:00 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 10:25:00 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/11/2010 8:45:19 AM, error: PlugPlayManager [12] - The device 'PIONEER DVD-RW DVR-K16D' (IDE\CdRomPIONEER_DVD-RW__DVR-K16D________________1.00____\5&2691dc07&0&0.0.0) disappeared from the system without first being prepared for removal.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry for the delay in sending the logs. My computer crashed and I had to recover my laptop to the original factory condition. I was hoping that this would get rid of the virus as well, but when I ran Malwarebytes again after this restore, it found the Antivirus virus in the registry. I have pasted the most recent Malwarebytes log again.

Let me know if this log still indicates a problem and the next steps I need to take. This virus is rooted deep into my machine :(.

Thanks a lot for your help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5164

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/21/2010 1:32:32 PM
mbam-log-2010-11-21 (13-32-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 181130
Time elapsed: 39 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
If you restored the computer to factory settings, you have nothing to worry about.
What MBAM discovered looks like just an incorrect setting. I wouldn't lose any sleep over it.
 