2 Bronze

Restarts in Stand-by/Hijackthis log

I have been having an issue with restarts when trying to put my system in standby. I have looked over power settings etc. to no avail.

I can't seem to find what is causing this problem, so here is a log to see if you can find something that Vipre, Malwarebytes and I cannot.

I am trying to narrow down the possibilities; it's quite strange and making me nuts.

The system as a whole seems to be fine.

I'm also wanting to upgrade to XP SP3 and do not want to if there is a problem existing.

DELL Dimension 1100

Windows XP SP2 Home Ver. 5.1.2600

Intel Celeron 2.53GHz  x86, 1GIG RAM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:51, on 5/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device -   - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

--
End of file - 4358 bytes

Thank you for your time, any help and suggestions are appreciated.

COL.

18 Replies
4 Germanium

Re: Restarts in Stand-by/Hijackthis log

colonelh,

Sorry for the delay in getting to your log.

Welcome to Dell Community Malware Removal Forums,

I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

If you still require assistance please follow these instructions:

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.

  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please COPY/PASTE your fresh MBAM log and BOTH DDS logs. (Note: before posting any logs, please go to Format on Notepad's toolbar and make sure WordWrap is unchecked.)

Thank you,
K27.

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

2 Bronze

Re: Restarts in Stand-by/Hijackthis log

K27,

   Thanks for your reply, not to worry about the delay. My schedule is more than full also.

I haven't done anything else to find the cause of the glitch. So here is the information you requested for your analysis.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/22/2010 08:30:44
mbam-log-2010-05-22 (08-30-44).txt

Scan type: Quick scan
Objects scanned: 119829
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
An error has occurred. Please report this error code to our support team.

MBAM_ERROR_NOT_REGISTERED (0, 0)

 

DDS LOGS:

 


DDS (Ver_09-09-29.01) - NTFSx86 
Run by Owner at  8:55:40.46 on Sat 05/22/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1022.508 [GMT -4:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated)   {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *enabled*   {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRunOnce: [Shockwave 8] "c:\windows\system32\macromed\shockwave 8\swinit.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\virtua~1.lnk - c:\windows\system32\virtualexpander\VirtualExpander.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xktanzji.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://home.verizon.yahoo.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xktanzji.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xktanzji.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xktanzji.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-4 13400]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-5-4 322904]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-4 204632]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-4 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-3-13 67800]
R3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-5-4 86232]

=============== Created Last 30 ================

2010-05-12 12:44    411,368    a-------    c:\windows\system32\deployJava1.dll
2010-05-12 12:44    73,728    a-------    c:\windows\system32\javacpl.cpl
2010-05-09 15:32    <DIR>    --d-----    c:\program files\Trend Micro
2010-05-08 17:12    <DIR>    --d-----    c:\windows\system32\VirtualExpander
2010-05-04 21:30    69,720    a-------    c:\windows\system32\drivers\sbapifs.sys
2010-05-04 21:28    13,400    a-------    c:\windows\system32\drivers\sbaphd.sys
2010-05-04 21:23    204,632    a-------    c:\windows\system32\drivers\sbtis.sys
2010-05-04 21:23    86,232    a-------    c:\windows\system32\drivers\sbhips.sys
2010-05-04 21:22    322,904    a-------    c:\windows\system32\drivers\SbFw.sys
2010-04-30 12:31    27,984    a-------    c:\windows\system32\sbbd.exe
2010-04-28 07:13    <DIR>    --d-----    c:\windows\system32\wbem\Repository
2010-04-27 22:34    <DIR>    --d-----    c:\windows\Cache
2010-04-27 22:33    <DIR>    --d-----    c:\windows\Performance
2010-04-27 22:32    <DIR>    --d-----    c:\docume~1\owner\applic~1\GARMIN
2010-04-27 22:32    <DIR>    --d-----    c:\windows\system32\Dell
2010-04-27 22:31    <DIR>    --d-----    C:\0c4c677c0e84eb8dd56dc00e2e
2010-04-24 19:44    <DIR>    --d-----    c:\docume~1\owner\applic~1\Malwarebytes
2010-04-24 19:43    38,224    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 19:43    20,952    a-------    c:\windows\system32\drivers\mbam.sys
2010-04-24 19:43    <DIR>    --d-----    c:\program files\Malwarebytes' Anti-Malware
2010-04-24 19:43    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-24 18:31    <DIR>    --d-----    C:\VIPRERESCUE
2010-04-24 11:52    116,224    ac------    c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-24 11:52    23,040    ac------    c:\windows\system32\dllcache\xrxwbtmp.dll
2010-04-24 11:52    17,408    ac------    c:\windows\system32\dllcache\xrxscnui.dll
2010-04-24 11:52    27,648    ac------    c:\windows\system32\dllcache\xrxftplt.exe
2010-04-24 11:52    4,608    ac------    c:\windows\system32\dllcache\xrxflnch.exe
2010-04-24 11:51    99,865    ac------    c:\windows\system32\dllcache\xlog.exe
2010-04-24 11:51    16,970    ac------    c:\windows\system32\dllcache\xem336n5.sys
2010-04-24 11:51    19,455    ac------    c:\windows\system32\dllcache\wvchntxx.sys
2010-04-24 11:51    19,328    ac------    c:\windows\system32\dllcache\wstcodec.sys
2010-04-24 11:51    12,063    ac------    c:\windows\system32\dllcache\wsiintxx.sys
2010-04-24 11:51    8,192    ac------    c:\windows\system32\dllcache\wshirda.dll
2010-04-24 11:51    8,832    ac------    c:\windows\system32\dllcache\wmiacpi.sys
2010-04-24 11:51    154,624    ac------    c:\windows\system32\dllcache\wlluc48.sys
2010-04-24 11:51    34,890    ac------    c:\windows\system32\dllcache\wlandrv2.sys
2010-04-24 11:51    771,581    ac------    c:\windows\system32\dllcache\winacisa.sys
2010-04-24 11:51    53,760    ac------    c:\windows\system32\dllcache\wiamsmud.dll
2010-04-24 11:51    87,040    ac------    c:\windows\system32\dllcache\wiafbdrv.dll
2010-04-24 11:49    24,576    ac------    c:\windows\system32\dllcache\viairda.sys
2010-04-24 11:48    28,160    ac------    c:\windows\system32\dllcache\umaxu40.dll
2010-04-24 11:47    159,232    ac------    c:\windows\system32\dllcache\tridkbm.sys
2010-04-24 11:46    17,129    ac------    c:\windows\system32\dllcache\tdkcd31.sys
2010-04-24 11:45    10,240    ac------    c:\windows\system32\dllcache\swpdflt2.dll
2010-04-24 11:44    37,040    ac------    c:\windows\system32\dllcache\sonypi.sys
2010-04-24 11:43    28,160    ac------    c:\windows\system32\dllcache\sm91w.dll
2010-04-24 11:42    161,568    ac------    c:\windows\system32\dllcache\sgsmusb.sys
2010-04-24 11:42    18,400    ac------    c:\windows\system32\dllcache\sgsmld.sys
2010-04-24 11:42    98,080    ac------    c:\windows\system32\dllcache\sgiulnt5.sys
2010-04-24 11:42    386,560    ac------    c:\windows\system32\dllcache\sgiul50.dll
2010-04-24 11:42    36,480    ac------    c:\windows\system32\dllcache\sfmanm.sys
2010-04-24 11:42    6,784    ac------    c:\windows\system32\dllcache\serscan.sys
2010-04-24 11:42    17,664    ac------    c:\windows\system32\dllcache\sermouse.sys
2010-04-24 11:42    6,912    ac------    c:\windows\system32\dllcache\seaddsmc.sys
2010-04-24 11:42    10,880    ac------    c:\windows\system32\dllcache\scsiscan.sys
2010-04-24 11:42    11,648    ac------    c:\windows\system32\dllcache\scsiprnt.sys
2010-04-24 11:42    17,280    ac------    c:\windows\system32\dllcache\scr111.sys
2010-04-24 11:42    16,640    ac------    c:\windows\system32\dllcache\scmstcs.sys
2010-04-24 11:42    23,936    ac------    c:\windows\system32\dllcache\sccmusbm.sys
2010-04-24 11:40    26,624    ac------    c:\windows\system32\dllcache\rw450ext.dll
2010-04-24 11:39    41,472    ac------    c:\windows\system32\dllcache\qvusd.dll
2010-04-24 11:38    7,552    ac------    c:\windows\system32\dllcache\powerfil.sys
2010-04-24 11:37    29,769    ac------    c:\windows\system32\dllcache\pcntn5m.sys
2010-04-24 11:36    43,689    ac------    c:\windows\system32\dllcache\otceth5.sys
2010-04-24 11:35    39,264    ac------    c:\windows\system32\dllcache\neo20xx.sys
2010-04-24 11:34    452,736    ac------    c:\windows\system32\dllcache\mtxparhm.sys
2010-04-24 11:33    320,384    ac------    c:\windows\system32\dllcache\mgaum.sys
2010-04-24 11:32    20,573    ac------    c:\windows\system32\dllcache\lne100.sys
2010-04-24 11:31    23,552    ac------    c:\windows\system32\dllcache\irmk7.sys
2010-04-24 11:30    91,136    ac------    c:\windows\system32\dllcache\icam4com.dll
2010-04-24 11:29    73,279    ac------    c:\windows\system32\dllcache\hsf_spkp.sys
2010-04-24 11:28    48,128    ac------    c:\windows\system32\dllcache\hpgt33tk.dll
2010-04-24 11:27    92,160    ac------    c:\windows\system32\dllcache\fuusd.dll
2010-04-24 11:26    63,360    ac------    c:\windows\system32\dllcache\ess.sys
2010-04-24 11:25    44,103    ac------    c:\windows\system32\dllcache\el515.sys
2010-04-24 11:24    419,357    ac------    c:\windows\system32\dllcache\dgconfig.dll
2010-04-24 11:23    9,344    ac------    c:\windows\system32\dllcache\compbatt.sys
2010-04-24 11:22    13,824    ac------    c:\windows\system32\dllcache\bulltlp3.sys
2010-04-24 11:21    73,216    ac------    c:\windows\system32\dllcache\atintuxx.sys
2010-04-24 11:20    12,288    ac------    c:\windows\system32\dllcache\4mmdat.sys
2010-04-24 11:20    762,780    ac------    c:\windows\system32\dllcache\3cwmcru.sys
2010-04-24 11:20    689,216    ac------    c:\windows\system32\dllcache\3dfxvs.dll
2010-04-24 11:20    148,352    ac------    c:\windows\system32\dllcache\3dfxvsm.sys
2010-04-24 11:20    11,264    ac------    c:\windows\system32\dllcache\1394vdbg.sys
2010-04-24 11:20    53,248    ac------    c:\windows\system32\dllcache\1394bus.sys
2010-04-24 11:20    66,048    ac------    c:\windows\system32\dllcache\s3legacy.dll
2010-04-23 18:03    230,824    a----r--    c:\windows\system32\cpnprt2.cid
2010-04-23 18:03    <DIR>    --d-----    c:\program files\Coupons

==================== Find3M  ====================

2010-05-03 20:00    2,418    a-------    c:\docume~1\owner\applic~1\wklnhst.dat
2010-04-21 13:49    24,932    a---h---    c:\windows\system32\mlfcache.dat
2010-03-28 12:15    107    --------    c:\docume~1\owner\applic~1\netstat.bat
2010-03-27 09:39    23,510,720    --------    c:\windows\dotnetfx.exe
2010-03-17 19:11    7,293    --------    c:\program files\ST6UNST.LOG
2010-03-17 19:08    249,856    --------    c:\windows\Setup1.exe
2010-03-17 19:08    73,216    --------    c:\windows\ST6UNST.EXE
2010-03-17 18:43    252,176    --------    c:\windows\system32\MSRD2X35.DLL
2010-03-10 04:02    417,792    a-------    c:\windows\system32\vbscript.dll
2010-02-26 02:12    662,016    a-------    c:\windows\system32\wininet.dll
2010-02-26 02:12    81,920    a-------    c:\windows\system32\ieencode.dll
2010-02-25 10:53    34,405    --------    c:\windows\DIIUnin.dat
2010-02-25 10:43    2,829    --------    c:\windows\DIIUnin.pif
2010-02-25 10:43    94,208    --------    c:\windows\DIIUnin.exe
2004-12-11 14:47    1,413,120    --------    c:\program files\NSObserverList.exe
2004-12-11 14:31    562,848    --------    c:\program files\NexStar Observer List Manual.pdf
2004-12-11 14:26    143,093    --------    c:\program files\helpmain.htm
2004-03-19 23:04    488    --------    c:\program files\help.htm
2003-12-31 22:52    5,335    --------    c:\program files\helptoc.htm
2003-12-28 13:24    6,506,496    --------    c:\program files\NSObserverList.mdb
2003-09-15 22:46    90,112    --------    c:\program files\NSObserverTemplate.tmp
2003-09-05 22:52    5,518    --------    c:\program files\Astronomy Friendly.Theme
2001-03-16 16:56    4,748    --------    c:\program files\License.rtf

============= FINISH:  8:56:57.07 ===============

 

DDS ATTACH LOG:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2009 22:04:24
System Uptime: 5/7/2010 13:46:00 (355 hours ago)

Motherboard: Dell Computer Corp. |  | 0WF887
Processor:                 Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 109 GiB total, 91.501 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 24.659 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 4/28/2010 07:07:36 - System Checkpoint
RP2: 4/28/2010 07:11:52 - c:/
RP3: 4/28/2010 07:12:53 - Restore Operation
RP4: 4/29/2010 15:36:49 - System Checkpoint
RP5: 4/30/2010 17:49:07 - System Checkpoint
RP6: 5/1/2010 19:12:14 - System Checkpoint
RP7: 5/2/2010 20:27:49 - System Checkpoint
RP8: 5/3/2010 20:36:29 - System Checkpoint
RP9: 5/4/2010 21:22:25 - Removed VIPRE Antivirus Premium.
RP10: 5/4/2010 21:22:53 - Installed VIPRE Antivirus Premium.
RP11: 5/5/2010 21:45:49 - System Checkpoint
RP12: 5/7/2010 14:02:38 - System Checkpoint
RP13: 5/8/2010 18:14:21 - System Checkpoint
RP14: 5/9/2010 19:33:18 - System Checkpoint
RP15: 5/10/2010 20:07:11 - System Checkpoint
RP16: 5/11/2010 20:50:05 - System Checkpoint
RP17: 5/12/2010 12:44:02 - Installed Java(TM) 6 Update 20
RP18: 5/13/2010 12:50:05 - System Checkpoint
RP19: 5/14/2010 12:52:35 - System Checkpoint
RP20: 5/15/2010 08:17:34 - Software Distribution Service 3.0
RP21: 5/16/2010 08:50:05 - System Checkpoint
RP22: 5/17/2010 09:50:05 - System Checkpoint
RP23: 5/18/2010 10:50:05 - System Checkpoint
RP24: 5/19/2010 11:50:05 - System Checkpoint
RP25: 5/20/2010 12:50:05 - System Checkpoint
RP26: 5/21/2010 13:50:05 - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.2
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser MOUSE
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Dell Color Printer 725
Dell Resource CD
Diablo II
Driver Genius Professional Edition
Evidence The Last Ritual
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Missing
Move Media Player
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NexStar Observer List
NexStar Observer List (C:\Program Files\)
QuickTime
Return to Mysterious Island
Sansa Updater
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Shockwave
SoundMAX
TheSkyX First Light Edition
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Verizon High Speed Internet
Verizon Servicepoint 1.5.24
VIPRE Antivirus Premium
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Yahoo! Install Manager

==== End Of File ===========================

OK, so there's the goods. Let's see what may be revealed.

I thank you for your time and effort. Hope to hear from you soon.

COL>

0 Kudos
4 Germanium

Re: Restarts in Stand-by/Hijackthis log

Hi colonelh,

You're welcome,

Nothing major showing in the logs, just a bit of adware,

 

First I need you to go to:

  • Start (windows icon bottom left corner of screen)
  • Control panel
  • Add/Remove programs

Coupon Printer for Windows

  • Uninstall
  • Reboot PC

 

Please download OTM by OldTimer. Save it to your desktop.

Double click OTM.exe to start the tool.

  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    ----------------------------------------------------------------------

    :files
    c:\windows\system32\cpnprt2.cid
    c:\program files\Coupons

    :commands
    [emptytemp]
    [reboot]

    ---------------------------------------------------------------------

    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

     

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.


    After the machine has rebooted, please navigate to the folder in bold C:\0c4c677c0e84eb8dd56dc00e2e and please list for me all files, if any, that are in it.

    And please tell me: are you putting your system into sleep mode and it's waking itself, or are you trying to put your system into sleep mode and the whole system is rebooting?

    Thanks
    K27.

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
2 Bronze

Re: Restarts in Stand-by/Hijackthis log

Hey K27,

Went through all your suggested routines and here's what we've got.

The OTM results:

All processes killed
========== FILES ==========
File/Folder c:\windows\system32\cpnprt2.cid not found.
File/Folder c:\program files\Coupons not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Guest
->Temp folder emptied: 2687 bytes
->Temporary Internet Files folder emptied: 334340 bytes
->Flash cache emptied: 41044 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Owner
->Temp folder emptied: 623332765 bytes
->Temporary Internet Files folder emptied: 3956692 bytes
->Java cache emptied: 11554 bytes
->FireFox cache emptied: 87687096 bytes
->Flash cache emptied: 123238 bytes
 
User: Systech
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2175612 bytes
%systemroot%\System32 .tmp files removed: 2932753 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9959293 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 697.00 mb
 
 
OTM by OldTimer - Version 3.1.12.0 log created on 05232010_103817

Files moved on Reboot...

Registry entries deleted on Reboot...

 

In the folder C:\0c4c677c0e84eb8dd56dc00e2e there were two folders, amd64 and i386, both containing these files:

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/filterpipelineprintproc.dll

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/msxpsdrv.cat

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/msxpsdrv.inf

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/msxpsinc.gpd

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/msxpsinc.ppd

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/mxdwdrv.dll

file:///C:/0c4c677c0e84eb8dd56dc00e2e/amd64/xpssvcs.dll

The only difference in the files I see was the version number of: file:///C:/0c4c677c0e84eb8dd56dc00e2e/i386/filterpipelineprintproc.dll

All that said and done, the system repeatedly sleeps and wakes itself. It does not go through a total reboot.

Thanks again,

COL>

 

0 Kudos
4 Germanium

Re: Restarts in Stand-by/Hijackthis log

Hi colonelh,

I would like to run a few more scans just to double check that there is no infection hiding on the system.

YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL,

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl + V
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

 

If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.

 

Then please Run an online virus scan called Kaspersky from HERE.

    1. At the main page. Press on "Accept". After reading the contents.
    2. At the next window Select Update. Allow the Database to update.
    Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
    3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
    4. Select Scan Report.
    5. If any threats were found they will appear in the report
    6. Select "Save error report as"
    Then in the file name just type in kaspersky
    Under "save as type" select text .txt
    Save it to your Desktop.

     

    Copy and post the results of the ARK log and the Kaspersky Online scan. If Kaspersky reports no threats were found then report that as well.

     

Thanks

K27.

 

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
4 Germanium

Re: Restarts in Stand-by/Hijackthis log

colonelh,

Do you still require assistance?

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
2 Bronze

Re: Restarts in Stand-by/Hijackthis log

Hey K27,

Sorry about the lapse, haven't had time.

The issue does remain and here is the ARK report.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 18:55:58
Windows 5.1.2600 Service Pack 2
Running: 0lcwtx00.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software)                                                 ZwCreateKey [0xF79BC4D0]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Legacy Host Intrusion Prevention System Driver/Sunbelt Software, Inc.)                                 ZwLoadDriver [0xEC3CBEC4]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Legacy Host Intrusion Prevention System Driver/Sunbelt Software, Inc.)                                 ZwMapViewOfSection [0xEC3CC07A]
SSDT            \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software)                                                 ZwSetValueKey [0xF79BC520]

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\senfilt.sys                                                                                                         entry point in "init" section [0xF6CDFF80]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] ntdll.dll!LdrLoadDll                                                                          7C915CBB 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualProtectEx                                                                 7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualProtect                                                                   7C801AD0 5 Bytes  JMP 00130090
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!WriteProcessMemory                                                               7C80220F 5 Bytes  JMP 00130694
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessW                                                                   7C802332 5 Bytes  JMP 001302C0
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessA                                                                   7C802367 5 Bytes  JMP 00130234
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualAlloc                                                                     7C809A61 5 Bytes  JMP 00130004
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualAllocEx                                                                   7C809A82 5 Bytes  JMP 0013011C
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateRemoteThread                                                               7C81043C 5 Bytes  JMP 001304F0
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateThread                                                                     7C810647 5 Bytes  JMP 0013057C
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessInternalW                                                           7C819527 5 Bytes  JMP 001303D8
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessInternalA                                                           7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!WinExec                                                                          7C86158D 5 Bytes  JMP 00130464
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!SetThreadContext                                                                 7C862C89 5 Bytes  JMP 00130608
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WS2_32.dll!socket                                                                             71AB3B91 5 Bytes  JMP 001308C4
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WS2_32.dll!bind                                                                               71AB3E00 5 Bytes  JMP 00130838
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WS2_32.dll!connect                                                                            71AB406A 5 Bytes  JMP 00130950
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] USER32.dll!SetWindowsHookExW                                                                  77D6E621 5 Bytes  JMP 001307AC
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] USER32.dll!SetWindowsHookExA                                                                  77D702B2 5 Bytes  JMP 00130720
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenW                                                                     771BAEED 5 Bytes  JMP 00130DB0
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetConnectA                                                                  771C308A 5 Bytes  JMP 00130F54
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenA                                                                     771C573E 5 Bytes  JMP 00130D24
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenUrlA                                                                  771C59F1 5 Bytes  JMP 00130E3C
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetConnectW                                                                  771CEDC8 5 Bytes  JMP 00130FE0
.text           C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenUrlW                                                                  771D5B3A 5 Bytes  JMP 00130EC8
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx                                                                              7C801A5D 5 Bytes  JMP 000801A8
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtect                                                                                7C801AD0 5 Bytes  JMP 00080090
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WriteProcessMemory                                                                            7C80220F 5 Bytes  JMP 00080694
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessW                                                                                7C802332 5 Bytes  JMP 000802C0
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessA                                                                                7C802367 5 Bytes  JMP 00080234
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAlloc                                                                                  7C809A61 5 Bytes  JMP 00080004
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAllocEx                                                                                7C809A82 5 Bytes  JMP 0008011C
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateRemoteThread                                                                            7C81043C 5 Bytes  JMP 000804F0
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateThread                                                                                  7C810647 5 Bytes  JMP 0008057C
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalW                                                                        7C819527 5 Bytes  JMP 000803D8
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalA                                                                        7C81DDE6 5 Bytes  JMP 0008034C
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WinExec                                                                                       7C86158D 5 Bytes  JMP 00080464
.text           C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!SetThreadContext                                                                              7C862C89 5 Bytes  JMP 00080608
.text           C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExW                                                                               77D6E621 5 Bytes  JMP 000807AC
.text           C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExA                                                                               77D702B2 5 Bytes  JMP 00080720
.text           C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtAllocateVirtualMemory                                                                          7C90CF6E 5 Bytes  JMP 0062106C
.text           C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtCreateThread                                                                                   7C90D1AE 5 Bytes  JMP 00621184
.text           C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtProtectVirtualMemory                                                                           7C90D6EE 5 Bytes  JMP 006210F8
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx                                                                              7C801A5D 5 Bytes  JMP 006201A8
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtect                                                                                7C801AD0 5 Bytes  JMP 00620090
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!WriteProcessMemory                                                                            7C80220F 5 Bytes  JMP 00620694
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessW                                                                                7C802332 5 Bytes  JMP 006202C0
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessA                                                                                7C802367 5 Bytes  JMP 00620234
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualAlloc                                                                                  7C809A61 5 Bytes  JMP 00620004
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualAllocEx                                                                                7C809A82 5 Bytes  JMP 0062011C
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateRemoteThread                                                                            7C81043C 5 Bytes  JMP 006204F0
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateThread                                                                                  7C810647 5 Bytes  JMP 0062057C
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessInternalW                                                                        7C819527 5 Bytes  JMP 006203D8
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessInternalA                                                                        7C81DDE6 5 Bytes  JMP 0062034C
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!WinExec                                                                                       7C86158D 5 Bytes  JMP 00620464
.text           C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!SetThreadContext                                                                              7C862C89 5 Bytes  JMP 00620608
.text           C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExW                                                                               77D6E621 3 Bytes  JMP 006207AC
.text           C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExW + 4                                                                           77D6E625 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExA                                                                               77D702B2 3 Bytes  JMP 00620720
.text           C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExA + 4                                                                           77D702B6 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenW                                                                                  771BAEED 5 Bytes  JMP 00620DB0
.text           C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetConnectA                                                                               771C308A 5 Bytes  JMP 00620F54
.text           C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenA                                                                                  771C573E 5 Bytes  JMP 00620D24
.text           C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenUrlA                                                                               771C59F1 5 Bytes  JMP 00620E3C
.text           C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetConnectW                                                                               771CEDC8 5 Bytes  JMP 00620FE0
.text           C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenUrlW                                                                               771D5B3A 5 Bytes  JMP 00620EC8
.text           C:\WINDOWS\system32\svchost.exe[564] WS2_32.dll!socket                                                                                          71AB3B91 5 Bytes  JMP 006208C4
.text           C:\WINDOWS\system32\svchost.exe[564] WS2_32.dll!bind                                                                                            71AB3E00 5 Bytes  JMP 00620838
.text           C:\WINDOWS\system32\svchost.exe[564] WS2_32.dll!connect                                                                                         71AB406A 5 Bytes  JMP 00620950
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtAllocateVirtualMemory                                                                   7C90CF6E 5 Bytes  JMP 00E3106C
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtCreateThread                                                                            7C90D1AE 5 Bytes  JMP 00E31184
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtProtectVirtualMemory                                                                    7C90D6EE 5 Bytes  JMP 00E310F8
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualProtectEx                                                                       7C801A5D 5 Bytes  JMP 00E301A8
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualProtect                                                                         7C801AD0 5 Bytes  JMP 00E30090
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!WriteProcessMemory                                                                     7C80220F 5 Bytes  JMP 00E30694
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessW                                                                         7C802332 5 Bytes  JMP 00E302C0
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessA                                                                         7C802367 5 Bytes  JMP 00E30234
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualAlloc                                                                           7C809A61 5 Bytes  JMP 00E30004
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualAllocEx                                                                         7C809A82 5 Bytes  JMP 00E3011C
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateRemoteThread                                                                     7C81043C 5 Bytes  JMP 00E304F0
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateThread                                                                           7C810647 5 Bytes  JMP 00E3057C
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessInternalW                                                                 7C819527 5 Bytes  JMP 00E303D8
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessInternalA                                                                 7C81DDE6 5 Bytes  JMP 00E3034C
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!WinExec                                                                                7C86158D 5 Bytes  JMP 00E30464
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!SetThreadContext                                                                       7C862C89 5 Bytes  JMP 00E30608
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!socket                                                                                   71AB3B91 5 Bytes  JMP 00E308C4
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!bind                                                                                     71AB3E00 5 Bytes  JMP 00E30838
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!connect                                                                                  71AB406A 5 Bytes  JMP 00E30950
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] USER32.dll!SetWindowsHookExW                                                                        77D6E621 5 Bytes  JMP 00E307AC
.text           C:\Program Files\Java\jre6\bin\jqs.exe[632] USER32.dll!SetWindowsHookExA                                                                        77D702B2 5 Bytes  JMP 00E30720
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] ntdll.dll!NtAllocateVirtualMemory                                                     7C90CF6E 5 Bytes  JMP 00CA106C
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] ntdll.dll!NtCreateThread                                                              7C90D1AE 5 Bytes  JMP 00CA1184
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] ntdll.dll!NtProtectVirtualMemory                                                      7C90D6EE 5 Bytes  JMP 00CA10F8
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualProtectEx                                                         7C801A5D 5 Bytes  JMP 00CA01A8
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualProtect                                                           7C801AD0 5 Bytes  JMP 00CA0090
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!WriteProcessMemory                                                       7C80220F 5 Bytes  JMP 00CA0694
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessW                                                           7C802332 5 Bytes  JMP 00CA02C0
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessA                                                           7C802367 5 Bytes  JMP 00CA0234
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualAlloc                                                             7C809A61 5 Bytes  JMP 00CA0004
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualAllocEx                                                           7C809A82 5 Bytes  JMP 00CA011C
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateRemoteThread                                                       7C81043C 5 Bytes  JMP 00CA04F0
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateThread                                                             7C810647 5 Bytes  JMP 00CA057C
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessInternalW                                                   7C819527 5 Bytes  JMP 00CA03D8
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessInternalA                                                   7C81DDE6 5 Bytes  JMP 00CA034C
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!WinExec                                                                  7C86158D 5 Bytes  JMP 00CA0464
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!SetThreadContext                                                         7C862C89 5 Bytes  JMP 00CA0608
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] USER32.dll!SetWindowsHookExW                                                          77D6E621 5 Bytes  JMP 00CA07AC
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] USER32.dll!SetWindowsHookExA                                                          77D702B2 5 Bytes  JMP 00CA0720
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenW                                                             771BAEED 5 Bytes  JMP 00CA0DB0
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetConnectA                                                          771C308A 5 Bytes  JMP 00CA0F54
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenA                                                             771C573E 5 Bytes  JMP 00CA0D24
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenUrlA                                                          771C59F1 5 Bytes  JMP 00CA0E3C
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetConnectW                                                          771CEDC8 5 Bytes  JMP 00CA0FE0
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenUrlW                                                          771D5B3A 5 Bytes  JMP 00CA0EC8
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WS2_32.dll!socket                                                                     71AB3B91 5 Bytes  JMP 00CA08C4
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WS2_32.dll!bind                                                                       71AB3E00 5 Bytes  JMP 00CA0838
.text           C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WS2_32.dll!connect                                                                    71AB406A 5 Bytes  JMP 00CA0950
.text           C:\Program Files\iPod\bin\iPodService.exe[856] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 0013106C
.text           C:\Program Files\iPod\bin\iPodService.exe[856] ntdll.dll!NtCreateThread                                                                         7C90D1AE 5 Bytes  JMP 00131184
.text           C:\Program Files\iPod\bin\iPodService.exe[856] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 001310F8
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualProtectEx                                                                    7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualProtect                                                                      7C801AD0 5 Bytes  JMP 00130090
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!WriteProcessMemory                                                                  7C80220F 5 Bytes  JMP 00130694
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessW                                                                      7C802332 5 Bytes  JMP 001302C0
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessA                                                                      7C802367 5 Bytes  JMP 00130234
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualAlloc                                                                        7C809A61 5 Bytes  JMP 00130004
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualAllocEx                                                                      7C809A82 5 Bytes  JMP 0013011C
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateRemoteThread                                                                  7C81043C 5 Bytes  JMP 001304F0
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateThread                                                                        7C810647 5 Bytes  JMP 0013057C
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessInternalW                                                              7C819527 5 Bytes  JMP 001303D8
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessInternalA                                                              7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!WinExec                                                                             7C86158D 5 Bytes  JMP 00130464
.text           C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!SetThreadContext                                                                    7C862C89 5 Bytes  JMP 00130608
.text           C:\Program Files\iPod\bin\iPodService.exe[856] USER32.dll!SetWindowsHookExW                                                                     77D6E621 5 Bytes  JMP 001307AC
.text           C:\Program Files\iPod\bin\iPodService.exe[856] USER32.dll!SetWindowsHookExA                                                                     77D702B2 5 Bytes  JMP 00130720
.text           C:\WINDOWS\System32\snmp.exe[920] ntdll.dll!NtAllocateVirtualMemory                                                                             7C90CF6E 5 Bytes  JMP 0069106C
.text           C:\WINDOWS\System32\snmp.exe[920] ntdll.dll!NtCreateThread                                                                                      7C90D1AE 5 Bytes  JMP 00691184
.text           C:\WINDOWS\System32\snmp.exe[920] ntdll.dll!NtProtectVirtualMemory                                                                              7C90D6EE 5 Bytes  JMP 006910F8
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualProtectEx                                                                                 7C801A5D 5 Bytes  JMP 006901A8
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualProtect                                                                                   7C801AD0 5 Bytes  JMP 00690090
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!WriteProcessMemory                                                                               7C80220F 5 Bytes  JMP 00690694
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessW                                                                                   7C802332 5 Bytes  JMP 006902C0
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessA                                                                                   7C802367 5 Bytes  JMP 00690234
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualAlloc                                                                                     7C809A61 5 Bytes  JMP 00690004
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualAllocEx                                                                                   7C809A82 5 Bytes  JMP 0069011C
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateRemoteThread                                                                               7C81043C 5 Bytes  JMP 006904F0
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateThread                                                                                     7C810647 5 Bytes  JMP 0069057C
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessInternalW                                                                           7C819527 5 Bytes  JMP 006903D8
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessInternalA                                                                           7C81DDE6 5 Bytes  JMP 0069034C
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!WinExec                                                                                          7C86158D 5 Bytes  JMP 00690464
.text           C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!SetThreadContext                                                                                 7C862C89 5 Bytes  JMP 00690608
.text           C:\WINDOWS\System32\snmp.exe[920] WS2_32.dll!socket                                                                                             71AB3B91 5 Bytes  JMP 006908C4
.text           C:\WINDOWS\System32\snmp.exe[920] WS2_32.dll!bind                                                                                               71AB3E00 5 Bytes  JMP 00690838
.text           C:\WINDOWS\System32\snmp.exe[920] WS2_32.dll!connect                                                                                            71AB406A 5 Bytes  JMP 00690950
.text           C:\WINDOWS\System32\snmp.exe[920] USER32.dll!SetWindowsHookExW                                                                                  77D6E621 5 Bytes  JMP 006907AC
.text           C:\WINDOWS\System32\snmp.exe[920] USER32.dll!SetWindowsHookExA                                                                                  77D702B2 5 Bytes  JMP 00690720
.text           C:\WINDOWS\System32\smss.exe[956] ntdll.dll!NtAllocateVirtualMemory                                                                             7C90CF6E 5 Bytes  JMP 0030106C
.text           C:\WINDOWS\System32\smss.exe[956] ntdll.dll!NtCreateThread                                                                                      7C90D1AE 5 Bytes  JMP 00301184
.text           C:\WINDOWS\System32\smss.exe[956] ntdll.dll!NtProtectVirtualMemory                                                                              7C90D6EE 5 Bytes  JMP 003010F8
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualProtectEx                                                         7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualProtect                                                           7C801AD0 5 Bytes  JMP 00130090
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!WriteProcessMemory                                                       7C80220F 5 Bytes  JMP 00130694
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessW                                                           7C802332 5 Bytes  JMP 001302C0
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessA                                                           7C802367 5 Bytes  JMP 00130234
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualAlloc                                                             7C809A61 5 Bytes  JMP 00130004
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualAllocEx                                                           7C809A82 5 Bytes  JMP 0013011C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateRemoteThread                                                       7C81043C 5 Bytes  JMP 001304F0
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateThread                                                             7C810647 5 Bytes  JMP 0013057C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessInternalW                                                   7C819527 5 Bytes  JMP 001303D8
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessInternalA                                                   7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!WinExec                                                                  7C86158D 5 Bytes  JMP 00130464
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!SetThreadContext                                                         7C862C89 5 Bytes  JMP 00130608
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] USER32.dll!SetWindowsHookExW                                                          77D6E621 5 Bytes  JMP 001307AC
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] USER32.dll!SetWindowsHookExA                                                          77D702B2 5 Bytes  JMP 00130720
.text           C:\WINDOWS\system32\csrss.exe[1004] ntdll.dll!NtAllocateVirtualMemory                                                                           7C90CF6E 5 Bytes  JMP 0078106C
.text           C:\WINDOWS\system32\csrss.exe[1004] ntdll.dll!NtCreateThread                                                                                    7C90D1AE 5 Bytes  JMP 00781184
.text           C:\WINDOWS\system32\csrss.exe[1004] ntdll.dll!NtProtectVirtualMemory                                                                            7C90D6EE 5 Bytes  JMP 007810F8
.text           C:\WINDOWS\system32\csrss.exe[1004] USER32.dll!SetWindowsHookExW                                                                                77D6E621 5 Bytes  JMP 007807AC
.text           C:\WINDOWS\system32\csrss.exe[1004] USER32.dll!SetWindowsHookExA                                                                                77D702B2 5 Bytes  JMP 00780720
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualProtectEx                                                                               7C801A5D 5 Bytes  JMP 007801A8
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualProtect                                                                                 7C801AD0 5 Bytes  JMP 00780090
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!WriteProcessMemory                                                                             7C80220F 5 Bytes  JMP 00780694
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateProcessW                                                                                 7C802332 5 Bytes  JMP 007802C0
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateProcessA                                                                                 7C802367 5 Bytes  JMP 00780234
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualAlloc                                                                                   7C809A61 5 Bytes  JMP 00780004
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualAllocEx                                                                                 7C809A82 5 Bytes  JMP 0078011C
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateRemoteThread                                                                             7C81043C 5 Bytes  JMP 007804F0
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateThread                                                                                   7C810647 5 Bytes  JMP 0078057C
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateProcessInternalW                                                                         7C819527 5 Bytes  JMP 007803D8
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateProcessInternalA                                                                         7C81DDE6 5 Bytes  JMP 0078034C
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!WinExec                                                                                        7C86158D 5 Bytes  JMP 00780464
.text           C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!SetThreadContext                                                                               7C862C89 5 Bytes  JMP 00780608
.text           C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!NtAllocateVirtualMemory                                                                        7C90CF6E 5 Bytes  JMP 00BB106C
.text           C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!NtCreateThread                                                                                 7C90D1AE 5 Bytes  JMP 00BB1184
.text           C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!NtProtectVirtualMemory                                                                         7C90D6EE 5 Bytes  JMP 00BB10F8
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!VirtualProtectEx                                                                            7C801A5D 5 Bytes  JMP 00BB01A8
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!VirtualProtect                                                                              7C801AD0 5 Bytes  JMP 00BB0090
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!WriteProcessMemory                                                                          7C80220F 5 Bytes  JMP 00BB0694
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!CreateProcessW                                                                              7C802332 5 Bytes  JMP 00BB02C0
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!CreateProcessA                                                                              7C802367 5 Bytes  JMP 00BB0234
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!VirtualAlloc                                                                                7C809A61 5 Bytes  JMP 00BB0004
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!VirtualAllocEx                                                                              7C809A82 5 Bytes  JMP 00BB011C
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!CreateRemoteThread                                                                          7C81043C 5 Bytes  JMP 00BB04F0
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!CreateThread                                                                                7C810647 5 Bytes  JMP 00BB057C
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!CreateProcessInternalW                                                                      7C819527 5 Bytes  JMP 00BB03D8
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!CreateProcessInternalA                                                                      7C81DDE6 5 Bytes  JMP 00BB034C
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!WinExec                                                                                     7C86158D 5 Bytes  JMP 00BB0464
.text           C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!SetThreadContext                                                                            7C862C89 5 Bytes  JMP 00BB0608
.text           C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetWindowsHookExW                                                                             77D6E621 5 Bytes  JMP 00BB07AC
.text           C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetWindowsHookExA                                                                             77D702B2 5 Bytes  JMP 00BB0720
.text           C:\WINDOWS\system32\winlogon.exe[1028] WS2_32.dll!socket                                                                                        71AB3B91 5 Bytes  JMP 00BB08C4
.text           C:\WINDOWS\system32\winlogon.exe[1028] WS2_32.dll!bind                                                                                          71AB3E00 5 Bytes  JMP 00BB0838
.text           C:\WINDOWS\system32\winlogon.exe[1028] WS2_32.dll!connect                                                                                       71AB406A 5 Bytes  JMP 00BB0950
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] ntdll.dll!NtAllocateVirtualMemory                                                       7C90CF6E 5 Bytes  JMP 0013106C
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] ntdll.dll!NtCreateThread                                                                7C90D1AE 5 Bytes  JMP 00131184
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] ntdll.dll!NtProtectVirtualMemory                                                        7C90D6EE 5 Bytes  JMP 001310F8
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!VirtualProtectEx                                                           7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!VirtualProtect                                                             7C801AD0 5 Bytes  JMP 00130090
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!WriteProcessMemory                                                         7C80220F 5 Bytes  JMP 00130694
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!CreateProcessW                                                             7C802332 5 Bytes  JMP 001302C0
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!CreateProcessA                                                             7C802367 5 Bytes  JMP 00130234
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!VirtualAlloc                                                               7C809A61 5 Bytes  JMP 00130004
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!VirtualAllocEx                                                             7C809A82 5 Bytes  JMP 0013011C
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!CreateRemoteThread                                                         7C81043C 5 Bytes  JMP 001304F0
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!CreateThread                                                               7C810647 5 Bytes  JMP 0013057C
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!CreateProcessInternalW                                                     7C819527 5 Bytes  JMP 001303D8
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!CreateProcessInternalA                                                     7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!WinExec                                                                    7C86158D 5 Bytes  JMP 00130464
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] kernel32.dll!SetThreadContext                                                           7C862C89 5 Bytes  JMP 00130608
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] USER32.dll!SetWindowsHookExW                                                            77D6E621 5 Bytes  JMP 001307AC
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[1064] USER32.dll!SetWindowsHookExA                                                            77D702B2 5 Bytes  JMP 00130720
.text           C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtAllocateVirtualMemory                                                                        7C90CF6E 5 Bytes  JMP 0004106C
.text           C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtCreateThread                                                                                 7C90D1AE 5 Bytes  JMP 00041184
.text           C:\WINDOWS\system32\services.exe[1072] ntdll.dll!NtProtectVirtualMemory                                                                         7C90D6EE 5 Bytes  JMP 000410F8
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtectEx                                                                            7C801A5D 5 Bytes  JMP 000401A8
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtect                                                                              7C801AD0 5 Bytes  JMP 00040090
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WriteProcessMemory                                                                          7C80220F 5 Bytes  JMP 00040694
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessW                                                                              7C802332 5 Bytes  JMP 000402C0
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessA                                                                              7C802367 5 Bytes  JMP 00040234
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualAlloc                                                                                7C809A61 5 Bytes  JMP 00040004
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualAllocEx                                                                              7C809A82 5 Bytes  JMP 0004011C
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateRemoteThread                                                                          7C81043C 5 Bytes  JMP 000404F0
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateThread                                                                                7C810647 5 Bytes  JMP 0004057C
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessInternalW                                                                      7C819527 5 Bytes  JMP 000403D8
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessInternalA                                                                      7C81DDE6 5 Bytes  JMP 0004034C
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WinExec                                                                                     7C86158D 5 Bytes  JMP 00040464
.text           C:\WINDOWS\system32\services.exe[1072] kernel32.dll!SetThreadContext                                                                            7C862C89 5 Bytes  JMP 00040608
.text           C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExW                                                                             77D6E621 5 Bytes  JMP 000407AC
.text           C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExA                                                                             77D702B2 5 Bytes  JMP 00040720
.text           C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!socket                                                                                        71AB3B91 5 Bytes  JMP 000408C4
.text           C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!bind                                                                                          71AB3E00 5 Bytes  JMP 00040838
.text           C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!connect                                                                                       71AB406A 5 Bytes  JMP 00040950
.text           C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtAllocateVirtualMemory                                                                           7C90CF6E 5 Bytes  JMP 0095106C
.text           C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtCreateThread                                                                                    7C90D1AE 5 Bytes  JMP 00951184
.text           C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!NtProtectVirtualMemory                                                                            7C90D6EE 5 Bytes  JMP 009510F8
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtectEx                                                                               7C801A5D 5 Bytes  JMP 009501A8
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtect                                                                                 7C801AD0 5 Bytes  JMP 00950090
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WriteProcessMemory                                                                             7C80220F 5 Bytes  JMP 00950694
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessW                                                                                 7C802332 5 Bytes  JMP 009502C0
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessA                                                                                 7C802367 5 Bytes  JMP 00950234
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualAlloc                                                                                   7C809A61 5 Bytes  JMP 00950004
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualAllocEx                                                                                 7C809A82 5 Bytes  JMP 0095011C
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateRemoteThread                                                                             7C81043C 5 Bytes  JMP 009504F0
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateThread                                                                                   7C810647 5 Bytes  JMP 0095057C
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessInternalW                                                                         7C819527 5 Bytes  JMP 009503D8
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessInternalA                                                                         7C81DDE6 5 Bytes  JMP 0095034C
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WinExec                                                                                        7C86158D 5 Bytes  JMP 00950464
.text           C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!SetThreadContext                                                                               7C862C89 5 Bytes  JMP 00950608
.text           C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExW                                                                                77D6E621 5 Bytes  JMP 009507AC
.text           C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExA                                                                                77D702B2 5 Bytes  JMP 00950720
.text           C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!socket                                                                                           71AB3B91 5 Bytes  JMP 009508C4
.text           C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!bind                                                                                             71AB3E00 5 Bytes  JMP 00950838
.text           C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!connect                                                                                          71AB406A 5 Bytes  JMP 00950950
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtAllocateVirtualMemory                                                                         7C90CF6E 5 Bytes  JMP 0062106C
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateThread                                                                                  7C90D1AE 5 Bytes  JMP 00621184
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory                                                                          7C90D6EE 5 Bytes  JMP 006210F8
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx                                                                             7C801A5D 5 Bytes  JMP 006201A8
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect                                                                               7C801AD0 5 Bytes  JMP 00620090
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WriteProcessMemory                                                                           7C80220F 5 Bytes  JMP 00620694
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW                                                                               7C802332 5 Bytes  JMP 006202C0
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA                                                                               7C802367 5 Bytes  JMP 00620234
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAlloc                                                                                 7C809A61 5 Bytes  JMP 00620004
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAllocEx                                                                               7C809A82 5 Bytes  JMP 0062011C
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateRemoteThread                                                                           7C81043C 5 Bytes  JMP 006204F0
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateThread                                                                                 7C810647 5 Bytes  JMP 0062057C
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW                                                                       7C819527 5 Bytes  JMP 006203D8
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalA                                                                       7C81DDE6 5 Bytes  JMP 0062034C
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec                                                                                      7C86158D 5 Bytes  JMP 00620464
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!SetThreadContext                                                                             7C862C89 5 Bytes  JMP 00620608
.text           C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW                                                                              77D6E621 3 Bytes  JMP 006207AC
.text           C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW + 4                                                                          77D6E625 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA                                                                              77D702B2 3 Bytes  JMP 00620720
.text           C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA + 4                                                                          77D702B6 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!socket                                                                                         71AB3B91 5 Bytes  JMP 006208C4
.text           C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!bind                                                                                           71AB3E00 5 Bytes  JMP 00620838
.text           C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!connect                                                                                        71AB406A 5 Bytes  JMP 00620950
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtAllocateVirtualMemory                                                                         7C90CF6E 5 Bytes  JMP 0087106C
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtCreateThread                                                                                  7C90D1AE 5 Bytes  JMP 00871184
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory                                                                          7C90D6EE 5 Bytes  JMP 008710F8
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx                                                                             7C801A5D 5 Bytes  JMP 008701A8
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect                                                                               7C801AD0 5 Bytes  JMP 00870090
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WriteProcessMemory                                                                           7C80220F 5 Bytes  JMP 00870694
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW                                                                               7C802332 5 Bytes  JMP 008702C0
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA                                                                               7C802367 5 Bytes  JMP 00870234
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualAlloc                                                                                 7C809A61 5 Bytes  JMP 00870004
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualAllocEx                                                                               7C809A82 5 Bytes  JMP 0087011C
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateRemoteThread                                                                           7C81043C 5 Bytes  JMP 008704F0
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateThread                                                                                 7C810647 5 Bytes  JMP 0087057C
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessInternalW                                                                       7C819527 5 Bytes  JMP 008703D8
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessInternalA                                                                       7C81DDE6 5 Bytes  JMP 0087034C
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec                                                                                      7C86158D 5 Bytes  JMP 00870464
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!SetThreadContext                                                                             7C862C89 5 Bytes  JMP 00870608
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW                                                                              77D6E621 5 Bytes  JMP 008707AC
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA                                                                              77D702B2 5 Bytes  JMP 00870720
.text           C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket                                                                                         71AB3B91 5 Bytes  JMP 008708C4
.text           C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!bind                                                                                           71AB3E00 5 Bytes  JMP 00870838
.text           C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!connect                                                                                        71AB406A 5 Bytes  JMP 00870950
.text           C:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtAllocateVirtualMemory                                                                         7C90CF6E 5 Bytes  JMP 006A106C
.text           C:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtCreateThread                                                                                  7C90D1AE 5 Bytes  JMP 006A1184
.text           C:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtProtectVirtualMemory                                                                          7C90D6EE 5 Bytes  JMP 006A10F8
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualProtectEx                                                                             7C801A5D 5 Bytes  JMP 006A01A8
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualProtect                                                                               7C801AD0 5 Bytes  JMP 006A0090
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!WriteProcessMemory                                                                           7C80220F 5 Bytes  JMP 006A0694
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateProcessW                                                                               7C802332 5 Bytes  JMP 006A02C0
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateProcessA                                                                               7C802367 5 Bytes  JMP 006A0234
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualAlloc                                                                                 7C809A61 5 Bytes  JMP 006A0004
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!VirtualAllocEx                                                                               7C809A82 5 Bytes  JMP 006A011C
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateRemoteThread                                                                           7C81043C 5 Bytes  JMP 006A04F0
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateThread                                                                                 7C810647 5 Bytes  JMP 006A057C
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateProcessInternalW                                                                       7C819527 5 Bytes  JMP 006A03D8
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!CreateProcessInternalA                                                                       7C81DDE6 5 Bytes  JMP 006A034C
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!WinExec                                                                                      7C86158D 5 Bytes  JMP 006A0464
.text           C:\WINDOWS\System32\svchost.exe[1440] kernel32.dll!SetThreadContext                                                                             7C862C89 5 Bytes  JMP 006A0608
.text           C:\WINDOWS\System32\svchost.exe[1440] USER32.dll!SetWindowsHookExW                                                                              77D6E621 5 Bytes  JMP 006A07AC
.text           C:\WINDOWS\System32\svchost.exe[1440] USER32.dll!SetWindowsHookExA                                                                              77D702B2 5 Bytes  JMP 006A0720
.text           C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!socket                                                                                         71AB3B91 5 Bytes  JMP 006A08C4
.text           C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!bind                                                                                           71AB3E00 5 Bytes  JMP 006A0838
.text           C:\WINDOWS\System32\svchost.exe[1440] WS2_32.dll!connect                                                                                        71AB406A 5 Bytes  JMP 006A0950
.text           C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenW                                                                                 771BAEED 5 Bytes  JMP 006A0DB0
.text           C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetConnectA                                                                              771C308A 5 Bytes  JMP 006A0F54
.text           C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenA                                                                                 771C573E 5 Bytes  JMP 006A0D24
.text           C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenUrlA                                                                              771C59F1 5 Bytes  JMP 006A0E3C
.text           C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetConnectW                                                                              771CEDC8 5 Bytes  JMP 006A0FE0
.text           C:\WINDOWS\System32\svchost.exe[1440] WININET.dll!InternetOpenUrlW                                                                              771D5B3A 5 Bytes  JMP 006A0EC8
.text           C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtAllocateVirtualMemory                                                                         7C90CF6E 5 Bytes  JMP 0062106C
.text           C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtCreateThread                                                                                  7C90D1AE 5 Bytes  JMP 00621184
.text           C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtProtectVirtualMemory                                                                          7C90D6EE 5 Bytes  JMP 006210F8
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx                                                                             7C801A5D 5 Bytes  JMP 006201A8
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtect                                                                               7C801AD0 5 Bytes  JMP 00620090
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WriteProcessMemory                                                                           7C80220F 5 Bytes  JMP 00620694
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessW                                                                               7C802332 5 Bytes  JMP 006202C0
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessA                                                                               7C802367 5 Bytes  JMP 00620234
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualAlloc                                                                                 7C809A61 5 Bytes  JMP 00620004
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualAllocEx                                                                               7C809A82 5 Bytes  JMP 0062011C
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateRemoteThread                                                                           7C81043C 5 Bytes  JMP 006204F0
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateThread                                                                                 7C810647 5 Bytes  JMP 0062057C
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessInternalW                                                                       7C819527 5 Bytes  JMP 006203D8
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessInternalA                                                                       7C81DDE6 5 Bytes  JMP 0062034C
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WinExec                                                                                      7C86158D 5 Bytes  JMP 00620464
.text           C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!SetThreadContext                                                                             7C862C89 5 Bytes  JMP 00620608
.text           C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW                                                                              77D6E621 3 Bytes  JMP 006207AC
.text           C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW + 4                                                                          77D6E625 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA                                                                              77D702B2 3 Bytes  JMP 00620720
.text           C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA + 4                                                                          77D702B6 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtAllocateVirtualMemory                                                                         7C90CF6E 5 Bytes  JMP 0071106C
.text           C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtCreateThread                                                                                  7C90D1AE 5 Bytes  JMP 00711184
.text           C:\WINDOWS\system32\svchost.exe[1644] ntdll.dll!NtProtectVirtualMemory                                                                          7C90D6EE 5 Bytes  JMP 007110F8
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualProtectEx                                                                             7C801A5D 5 Bytes  JMP 007101A8
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualProtect                                                                               7C801AD0 5 Bytes  JMP 00710090
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!WriteProcessMemory                                                                           7C80220F 5 Bytes  JMP 00710694
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessW                                                                               7C802332 5 Bytes  JMP 007102C0
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessA                                                                               7C802367 5 Bytes  JMP 00710234
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualAlloc                                                                                 7C809A61 5 Bytes  JMP 00710004
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!VirtualAllocEx                                                                               7C809A82 5 Bytes  JMP 0071011C
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateRemoteThread                                                                           7C81043C 5 Bytes  JMP 007104F0
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateThread                                                                                 7C810647 5 Bytes  JMP 0071057C
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessInternalW                                                                       7C819527 5 Bytes  JMP 007103D8
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateProcessInternalA                                                                       7C81DDE6 5 Bytes  JMP 0071034C
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!WinExec                                                                                      7C86158D 5 Bytes  JMP 00710464
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!SetThreadContext                                                                             7C862C89 5 Bytes  JMP 00710608
.text           C:\WINDOWS\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExW                                                                              77D6E621 5 Bytes  JMP 007107AC
.text           C:\WINDOWS\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExA                                                                              77D702B2 5 Bytes  JMP 00710720
.text           C:\WINDOWS\system32\svchost.exe[1644] WS2_32.dll!socket                                                                                         71AB3B91 5 Bytes  JMP 007108C4
.text           C:\WINDOWS\system32\svchost.exe[1644] WS2_32.dll!bind                                                                                           71AB3E00 5 Bytes  JMP 00710838
.text           C:\WINDOWS\system32\svchost.exe[1644] WS2_32.dll!connect                                                                                        71AB406A 5 Bytes  JMP 00710950
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] ntdll.dll!NtAllocateVirtualMemory            7C90CF6E 5 Bytes  JMP 0013106C
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] ntdll.dll!NtCreateThread                     7C90D1AE 5 Bytes  JMP 00131184
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] ntdll.dll!NtProtectVirtualMemory             7C90D6EE 5 Bytes  JMP 001310F8
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!VirtualProtectEx                7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!VirtualProtect                  7C801AD0 5 Bytes  JMP 00130090
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!WriteProcessMemory              7C80220F 5 Bytes  JMP 00130694
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!CreateProcessW                  7C802332 5 Bytes  JMP 001302C0
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!CreateProcessA                  7C802367 5 Bytes  JMP 00130234
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!VirtualAlloc                    7C809A61 5 Bytes  JMP 00130004
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!VirtualAllocEx                  7C809A82 5 Bytes  JMP 0013011C
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!CreateRemoteThread              7C81043C 5 Bytes  JMP 001304F0
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!CreateThread                    7C810647 5 Bytes  JMP 0013057C
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!CreateProcessInternalW          7C819527 5 Bytes  JMP 001303D8
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!CreateProcessInternalA          7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!WinExec                         7C86158D 5 Bytes  JMP 00130464
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] kernel32.dll!SetThreadContext                7C862C89 5 Bytes  JMP 00130608
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] USER32.dll!SetWindowsHookExW                 77D6E621 5 Bytes  JMP 001307AC
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] USER32.dll!SetWindowsHookExA                 77D702B2 5 Bytes  JMP 00130720
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] WININET.dll!InternetOpenW                    771BAEED 5 Bytes  JMP 00130DB0
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] WININET.dll!InternetConnectA                 771C308A 5 Bytes  JMP 00130F54
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] WININET.dll!InternetOpenA                    771C573E 5 Bytes  JMP 00130D24
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] WININET.dll!InternetOpenUrlA                 771C59F1 5 Bytes  JMP 00130E3C
.text           C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe[1744] WININET.dll!InternetConnectW                 771CEDC8 5 Bytes  JMP 00130FE0
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!SetThreadContext                                                                  7C862C89 5 Bytes  JMP 00130608
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2432] WS2_32.dll!socket                                                                              71AB3B91 5 Bytes  JMP 001308C4
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2432] WS2_32.dll!bind                                                                                71AB3E00 5 Bytes  JMP 00130838
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2432] WS2_32.dll!connect                                                                             71AB406A 5 Bytes  JMP 00130950
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2432] USER32.dll!SetWindowsHookExW                                                                   77D6E621 5 Bytes  JMP 001307AC
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2432] USER32.dll!SetWindowsHookExA                                                                   77D702B2 5 Bytes  JMP 00130720
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualProtectEx                                                                             7C801A5D 5 Bytes  JMP 000801A8
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualProtect                                                                               7C801AD0 5 Bytes  JMP 00080090
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!WriteProcessMemory                                                                           7C80220F 5 Bytes  JMP 00080694
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessW                                                                               7C802332 5 Bytes  JMP 000802C0
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessA                                                                               7C802367 5 Bytes  JMP 00080234
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualAlloc                                                                                 7C809A61 5 Bytes  JMP 00080004
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualAllocEx                                                                               7C809A82 5 Bytes  JMP 0008011C
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateRemoteThread                                                                           7C81043C 5 Bytes  JMP 000804F0
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateThread                                                                                 7C810647 5 Bytes  JMP 0008057C
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessInternalW                                                                       7C819527 5 Bytes  JMP 000803D8
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessInternalA                                                                       7C81DDE6 5 Bytes  JMP 0008034C
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!WinExec                                                                                      7C86158D 5 Bytes  JMP 00080464
.text           C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!SetThreadContext                                                                             7C862C89 5 Bytes  JMP 00080608
.text           C:\WINDOWS\system32\notepad.exe[2440] USER32.dll!SetWindowsHookExW                                                                              77D6E621 5 Bytes  JMP 000807AC
.text           C:\WINDOWS\system32\notepad.exe[2440] USER32.dll!SetWindowsHookExA                                                                              77D702B2 5 Bytes  JMP 00080720
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] ntdll.dll!NtAllocateVirtualMemory                                                     7C90CF6E 5 Bytes  JMP 03FA106C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] ntdll.dll!NtCreateThread                                                              7C90D1AE 5 Bytes  JMP 03FA1184
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] ntdll.dll!NtProtectVirtualMemory                                                      7C90D6EE 5 Bytes  JMP 03FA10F8
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualProtectEx                                                         7C801A5D 5 Bytes  JMP 03FA01A8
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualProtect                                                           7C801AD0 5 Bytes  JMP 03FA0090
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!WriteProcessMemory                                                       7C80220F 5 Bytes  JMP 03FA0694
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessW                                                           7C802332 5 Bytes  JMP 03FA02C0
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessA                                                           7C802367 5 Bytes  JMP 03FA0234
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualAlloc                                                             7C809A61 5 Bytes  JMP 03FA0004
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualAllocEx                                                           7C809A82 5 Bytes  JMP 03FA011C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateRemoteThread                                                       7C81043C 5 Bytes  JMP 03FA04F0
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateThread                                                             7C810647 5 Bytes  JMP 03FA057C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessInternalW                                                   7C819527 5 Bytes  JMP 03FA03D8
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessInternalA                                                   7C81DDE6 5 Bytes  JMP 03FA034C
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!WinExec                                                                  7C86158D 5 Bytes  JMP 03FA0464
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!SetThreadContext                                                         7C862C89 5 Bytes  JMP 03FA0608
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] USER32.dll!SetWindowsHookExW                                                          77D6E621 5 Bytes  JMP 03FA07AC
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] USER32.dll!SetWindowsHookExA                                                          77D702B2 5 Bytes  JMP 03FA0720
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] WS2_32.dll!socket                                                                     71AB3B91 5 Bytes  JMP 03FA08C4
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] WS2_32.dll!bind                                                                       71AB3E00 5 Bytes  JMP 03FA0838
.text           C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] WS2_32.dll!connect                                                                    71AB406A 5 Bytes  JMP 03FA0950
.text           C:\WINDOWS\system32\hkcmd.exe[3332] ntdll.dll!NtAllocateVirtualMemory                                                                           7C90CF6E 5 Bytes  JMP 0013106C
.text           C:\WINDOWS\system32\hkcmd.exe[3332] ntdll.dll!NtCreateThread                                                                                    7C90D1AE 5 Bytes  JMP 00131184
.text           C:\WINDOWS\system32\hkcmd.exe[3332] ntdll.dll!NtProtectVirtualMemory                                                                            7C90D6EE 5 Bytes  JMP 001310F8
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualProtectEx                                                                               7C801A5D 5 Bytes  JMP 001301A8
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualProtect                                                                                 7C801AD0 5 Bytes  JMP 00130090
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!WriteProcessMemory                                                                             7C80220F 5 Bytes  JMP 00130694
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessW                                                                                 7C802332 5 Bytes  JMP 001302C0
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessA                                                                                 7C802367 5 Bytes  JMP 00130234
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualAlloc                                                                                   7C809A61 5 Bytes  JMP 00130004
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualAllocEx                                                                                 7C809A82 5 Bytes  JMP 0013011C
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateRemoteThread                                                                             7C81043C 5 Bytes  JMP 001304F0
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateThread                                                                                   7C810647 5 Bytes  JMP 0013057C
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessInternalW                                                                         7C819527 5 Bytes  JMP 001303D8
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessInternalA                                                                         7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!WinExec                                                                                        7C86158D 5 Bytes  JMP 00130464
.text           C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!SetThreadContext                                                                               7C862C89 5 Bytes  JMP 00130608
.text           C:\WINDOWS\system32\hkcmd.exe[3332] USER32.dll!SetWindowsHookExW                                                                                77D6E621 5 Bytes  JMP 001307AC
.text           C:\WINDOWS\system32\hkcmd.exe[3332] USER32.dll!SetWindowsHookExA                                                                                77D702B2 5 Bytes  JMP 00130720
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualProtectEx                                         7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualProtect                                           7C801AD0 5 Bytes  JMP 00130090
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!WriteProcessMemory                                       7C80220F 5 Bytes  JMP 00130694
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessW                                           7C802332 5 Bytes  JMP 001302C0
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessA                                           7C802367 5 Bytes  JMP 00130234
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualAlloc                                             7C809A61 5 Bytes  JMP 00130004
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualAllocEx                                           7C809A82 5 Bytes  JMP 0013011C
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateRemoteThread                                       7C81043C 5 Bytes  JMP 001304F0
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateThread                                             7C810647 5 Bytes  JMP 0013057C
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessInternalW                                   7C819527 5 Bytes  JMP 001303D8
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessInternalA                                   7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!WinExec                                                  7C86158D 5 Bytes  JMP 00130464
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!SetThreadContext                                         7C862C89 5 Bytes  JMP 00130608
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] USER32.dll!SetWindowsHookExW                                          77D6E621 5 Bytes  JMP 001307AC
.text           C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] USER32.dll!SetWindowsHookExA                                          77D702B2 5 Bytes  JMP 00130720
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 0013106C
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] ntdll.dll!NtCreateThread                                                                         7C90D1AE 5 Bytes  JMP 00131184
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 001310F8
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualProtectEx                                                                    7C801A5D 5 Bytes  JMP 001301A8
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualProtect                                                                      7C801AD0 5 Bytes  JMP 00130090
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!WriteProcessMemory                                                                  7C80220F 5 Bytes  JMP 00130694
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessW                                                                      7C802332 5 Bytes  JMP 001302C0
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessA                                                                      7C802367 5 Bytes  JMP 00130234
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualAlloc                                                                        7C809A61 5 Bytes  JMP 00130004
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualAllocEx                                                                      7C809A82 5 Bytes  JMP 0013011C
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateRemoteThread                                                                  7C81043C 5 Bytes  JMP 001304F0
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateThread                                                                        7C810647 5 Bytes  JMP 0013057C
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessInternalW                                                              7C819527 5 Bytes  JMP 001303D8
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessInternalA                                                              7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!WinExec                                                                             7C86158D 5 Bytes  JMP 00130464
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!SetThreadContext                                                                    7C862C89 5 Bytes  JMP 00130608
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] USER32.dll!SetWindowsHookExW                                                                     77D6E621 5 Bytes  JMP 001307AC
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] USER32.dll!SetWindowsHookExA                                                                     77D702B2 5 Bytes  JMP 00130720
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WS2_32.dll!socket                                                                                71AB3B91 5 Bytes  JMP 001308C4
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WS2_32.dll!bind                                                                                  71AB3E00 5 Bytes  JMP 00130838
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WS2_32.dll!connect                                                                               71AB406A 5 Bytes  JMP 00130950
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenW                                                                        771BAEED 5 Bytes  JMP 00130DB0
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetConnectA                                                                     771C308A 5 Bytes  JMP 00130F54
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenA                                                                        771C573E 5 Bytes  JMP 00130D24
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenUrlA                                                                     771C59F1 5 Bytes  JMP 00130E3C
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetConnectW                                                                     771CEDC8 5 Bytes  JMP 00130FE0
.text           C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenUrlW                                                                     771D5B3A 5 Bytes  JMP 00130EC8
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] ntdll.dll!NtAllocateVirtualMemory                                                                        7C90CF6E 5 Bytes  JMP 0013106C
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] ntdll.dll!NtCreateThread                                                                                 7C90D1AE 5 Bytes  JMP 00131184
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] ntdll.dll!NtProtectVirtualMemory                                                                         7C90D6EE 5 Bytes  JMP 001310F8
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualProtectEx                                                                            7C801A5D 5 Bytes  JMP 001301A8
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualProtect                                                                              7C801AD0 5 Bytes  JMP 00130090
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!WriteProcessMemory                                                                          7C80220F 5 Bytes  JMP 00130694
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessW                                                                              7C802332 5 Bytes  JMP 001302C0
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessA                                                                              7C802367 5 Bytes  JMP 00130234
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualAlloc                                                                                7C809A61 5 Bytes  JMP 00130004
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualAllocEx                                                                              7C809A82 5 Bytes  JMP 0013011C
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateRemoteThread                                                                          7C81043C 5 Bytes  JMP 001304F0
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateThread                                                                                7C810647 5 Bytes  JMP 0013057C
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessInternalW                                                                      7C819527 5 Bytes  JMP 001303D8
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessInternalA                                                                      7C81DDE6 5 Bytes  JMP 0013034C
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!WinExec                                                                                     7C86158D 5 Bytes  JMP 00130464
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!SetThreadContext                                                                            7C862C89 5 Bytes  JMP 00130608
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] USER32.dll!SetWindowsHookExW                                                                             77D6E621 5 Bytes  JMP 001307AC
.text           C:\WINDOWS\system32\dlcfcoms.exe[4080] USER32.dll!SetWindowsHookExA                                                                             77D702B2 5 Bytes  JMP 00130720

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                        SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                       SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                       SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                     SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                        fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BC779924E27E5D4492BEBB66528611C\Usage@SunbeltMergeModules  1019155134

---- EOF - GMER 1.0.15 ----

At this time I was unable to complete the Kaspersky update to run the scan.

I must shut down, for the lightning gets very close on my hilltop.

See you soon,

Remember our fallen brothers.

COL>

0 Kudos
4 Germanium

Re: Restarts in Stand-by/Hijackthis log

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)


Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be saved to your desktop before running the tool

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console, please make sure to do so, as this is a VERY IMPORTANT backup of Combo-fix (XP only)

You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run Combo-Fix.
Post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running as this will cause Combo-Fix to Stall and it will not work as it should

Please include the C:\ComboFix.txt in your next reply for further review.

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
4 Germanium

Re: Restarts in Stand-by/Hijackthis log

This topic is Inactive.....

The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)

If you are the original poster and would like further assistance please post a fresh HJT log and details of the problems you are having.

All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the DCFnewpost.png button.

Regards
K27

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos