Redirecting Virus blocking all Anti-viral programs

Drive F

Hello.

Go to Start > Run. In the Run box, type in "cmd" without the quote marks and hit enter.
Now when the command prompt opens, tpye in the following:

expand F:\i386\appmgmts.dl_ c:\windows\system32\appmgmts.dll

Hit enter.

The command has to be typed exactly as seen, otherwise it wont work. To make it easier for you, I have pointed out where the spaces hard in case it's hard to read.

expandSPACEF:\i386\appmgmts.dl_SPACEc:\windows\system32\appmgmts.dll

If done correctly, it will say: 1 file(s) expanded successfully.

Let me know how it goes.

I type it in and it comes up with:

Can't open input file F:\i386\appmgmts.dl_

Lets not try putting it in system32 yet, lets just do it to C:\ drive.

Go this next command:

expand F:\i386\appmgmts.dl_ C:\appmgmts.dll

Does it expand now? its there a appmgmts.dll in your C:\ drive?

I recived the same message once more. How do I check if I have appmgmts.dll in my C:\ drive?

Bump.

Hello.
Glad you bumped, was looking for you.

Download that missing file from here:

http://www.dlldump.com/download-dll-files_new.php/dllfiles/A/appmgmts.dll/5.1.2600.2180/download.html

Download it to your Desktop, then move it into your system32 folder.
To do so:

Download the file, then right click it > Cut.

Now using Windows Explorer (windows key + E), navigate to this folder:
C:\Windows\system32

Right click anywhere, select "Paste" and that file will be put in the system32 folder.

Now lets uninstall a few useless things.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

All right, I've moved that file to the system32 folder and everything worked fine with that. Here is my uninstall list:

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Ahead InCD EasyWrite Reader
AIM 6
AIM Toolbar 5.0
Apple Software Update
Audacity 1.2.6
Avance AC'97 Audio
Badongo
Cadbury Bunny Screensaver
Call of Duty
CCleaner (remove only)
CleanUp!
Combined Community Codec Pack 2008-01-24
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.8.5
ERUNT 1.1j
Glary Utilities 2.14.0.711
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
happy_holidays Screen Saver
HERSHEYS Trick or Treats Midnight Sky Screen Saver
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
hp officejet v series
HP PSC & OfficeJet 3.5
HP Share-to-Web
HP Software Update
IL-2 Sturmovik: Forgotten Battles
Jasc Paint Shop Pro 8
Java DB 10.4.2.1
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 14
JavaFX(TM) 1.2 SDK
LimeWire 4.16.7
Logitech Gaming Software
Malwarebytes' Anti-Malware
Manga Studio Debut 3.0
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft VC9 runtime libraries
Microsoft WinUsb 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MMS Chocolate River Screen Saver
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero OEM
NVIDIA Drivers
OpenOffice.org Installer 1.0
Pearl Harbor
QuickTime
RealPlayer
scroller Screen Saver
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
Smart Menus (Windows Live Toolbar)
System Requirements Lab
ubi.com
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Media Player
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Toolbar
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Adobe Reader 8.1.2
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 14
JavaFX(TM) 1.2 SDK
LimeWire 4.16.7
Viewpoint Media Player

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Things seem to be running well now!!! I can open programs that it wouldn't allow me to before and everything seems perfectly fine!! Thank you so much!

Edit: It won't allow me to open SuperAntispyware, even when I reinstall it. Does that mean that there's still something wrong?

Bump.

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

GMER 1.0.15.15077 [842f42v0.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 14:50:45
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF625E9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF625EA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF625E958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF625E96C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF625EA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF625EA81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF625EAEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF625EAD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF625E9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF625EB1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF625EA2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF625E930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF625E944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF625E9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF625EB57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF625EAC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF625EAAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF625EA6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF625EB43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF625EB2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF625E996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF625E982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF625EA97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF625EA19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF625EB05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF625EA00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF625E9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwQueryValueKey + 5 8056A1F7 2 Bytes [90, 90] {NOP ; NOP }

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250076
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0025005B
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0025004A
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500A4
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002500D0
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500BF
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002500E1
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0025002F
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250087
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250F37
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0034002C
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340062
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340011
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340000
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340051
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350027
.text C:\Program Files\Internet Explorer\iexplore.exe[520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0035000C
.text C:\Program Files\Internet Explorer\iexplore.exe[520] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00CB0000
.text C:\Program Files\Internet Explorer\iexplore.exe[520] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00CB0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[520] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00CB001B
.text C:\Program Files\Internet Explorer\iexplore.exe[520] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00CB0036
.text C:\Program Files\Internet Explorer\iexplore.exe[520] ws2_32.dll!socket 71AB4211 5 Bytes JMP 018D0000
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F77
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F92
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070098
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070087
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F1A
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F2B
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070EFF
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F5C
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700A9
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyExW

.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060073
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FA6
.text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005000C
.text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FB7
.text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA008E
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA007D
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA005B
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0040
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F63
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00B5
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F48
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00D7
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0F2D
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F7E
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00C6
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90FC0
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B9005B
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B90FDB
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B9001B
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B9004A
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B90F9E
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D9, 88]
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90FAF
.text C:\WINDOWS\system32\lsass.exe[608] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80040
.text C:\WINDOWS\system32\lsass.exe[608] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80025
.text C:\WINDOWS\system32\lsass.exe[608] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B80FC6
.text C:\WINDOWS\system32\lsass.exe[608] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\lsass.exe[608] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80FB5
.text C:\WINDOWS\system32\lsass.exe[608] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B80FD7
.text C:\WINDOWS\system32\lsass.exe[608] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90051
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F66
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F83
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90040
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90F9E
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F9008E
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F9007D
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F24
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F35
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F900D8
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90025
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FDE
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F9006C
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\system32\svchost.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900B3
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FBC
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F8004A
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FCD
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80039
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80028
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80F97
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F7003D
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F7002C
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_creat