WiredWX Hobby Weather ToolsLog in

 


spm/lx trojan

4 posters

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
Please download SysProt AntiRootkit v1.0.1.0 by Swatkat

  • Next run the file; *Note: If running vista right click and select run as administrator
  • Once opened, navigate to the log tab and select all the areas including the hidden objects only box and click on the create log button
  • A scan will start and then a window will pop up with two options, select scan all drives
  • Once finished it will give you a location where it was saved, navigate to that place usually the desktop, and open the log, post all the contents of the log back here.

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
GMER opened after a couple of hrs while trying to run sysprot. I'll post the scan when it's done. Thanks again!

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
scan is too big. how do I post it?

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
Please split the log into two posts or more if required.

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
GMER 1.0.15.15077 [nj6mjfk4.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 18:27:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 82F894A0 ZwDeviceIoControlFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEFB949AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEFB94A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEFB94958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEFB9496C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEFB94A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEFB94A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEFB94AF4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEFB94AD9]
Code 82B5D098 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEFB949EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEFB94B1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEFB94A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEFB94930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEFB94944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEFB949BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEFB94B5A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEFB94AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEFB94AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEFB94A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEFB94B46]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEFB94B32]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEFB94996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEFB94982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEFB94A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEFB94A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEFB94B08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEFB94A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEFB949D4]
Code 82DF09D6 IofCallDriver
Code 82DBEB26 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82DF09DB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82DBEB2B
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EFB949D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EFB94A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EFB94AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EFB949AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EFB94986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EFB94A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EFB94B5E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP EFB94AF8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EFB94934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EFB949C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EFB94A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EFB94A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EFB949EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 82B5D09C
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EFB94970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EFB94A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EFB94948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EFB94B22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EFB94ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EFB94A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EFB94A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EFB9495C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP EFB9499A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP EFB94B0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP EFB94AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP EFB94A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP EFB94B36 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP EFB94B4A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F68
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0F79
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0F94
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0051
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FAF
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F3C
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F4D
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C00B0
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F17
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C00CB
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0040
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0078
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0FCA
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C009F
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0084
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0073
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0062
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0051
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410067
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00410FD2
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00410FE3
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0041000C
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410038
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0041001D
.text C:\WINDOWS\system32\svchost.exe[592] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F3A
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F55
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700BF
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700AE
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F0B
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0007009D
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA4
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB5
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD7
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC6
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0093
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0082
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED005B
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0F83
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00C9
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F57
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00FA
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetProcAddress

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0040
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED00B8
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED002F
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0014
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F72
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0069
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0058
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EC0047
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0027
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0F9C
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0016
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FC1
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FD2
.text C:\WINDOWS\system32\lsass.exe[928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70000
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006E0F4B
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006E0F5C
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006E0F79
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006E0F8A
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006E0FB6
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006E0093
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006E0082
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006E00D0
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006E00BF
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006E0F1C
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006E0F9B
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006E0011
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006E0065
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006E0022
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006E0FDB
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006E00AE
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006D0FD4
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006D0F9E
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006D0025
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006D0FAF
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 006D0051
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006D0036
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0058
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FCD
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0022
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C003D
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FDE
.text C:\WINDOWS\System32\svchost.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AB0082
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AB0F8D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AB0FA8
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AB005B
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AB002F
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AB00C1
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AB00A4
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AB0F43
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AB00D2
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AB00F7
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AB0040
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AB0093
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AB0FC3
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AB0F54
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AA0FE5
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AA0F9E
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AA0036
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AA0FAF
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AA005B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AA0FD4
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A9006C
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A90047
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A90011
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A90036
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A90FE3
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F9E
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60089
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60078
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60FB9
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C6004A
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F41
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F5C
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C600B8
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60F1F
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60F04
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C6005B
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60011
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F83
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60F30
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50039
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50014
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FDE
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C50F7C
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C50F97
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E5, 88] {IN EAX, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50FB2
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C4002C
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40011
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40FAB
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FC6
.text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03520000
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03520084
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03520069
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03520058
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03520F9B
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03520FB6
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03520F43
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03520095
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 035200BA
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03520F17
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03520F06
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0352003D
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03520011
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03520F74
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03520FD1
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0352002C
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03520F32
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03510040
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03510F9E
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03510025
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0351000A
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03510FB9
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03510FEF
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03510FCA
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [71, 8B] {JNO 0xffffffffffffff8d}
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03510051
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03300FB2
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 03300047
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03300FD7
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03300000
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0330002C
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03300011
.text C:\WINDOWS\System32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 032E0FEF
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 0324000A
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 03240FEF
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 03240FDE
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 03240FCD
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00790F3A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00790F55
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F66
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790F83
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790FA8
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790EF8
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00790F09
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0079005B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00790EC2
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00790076
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0079002F
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790040
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0079001E
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00790EDD
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00780058
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00780025
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00780FA5
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00780047
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00770053
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00770FC8
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0077001D
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00770FE3
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00770038
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0077000C
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B20098
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B20087
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B20FB9
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B20076
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B20051
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B20F5A
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B20F6B
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B20F13
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B20F24
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B200C7
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B2001B
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B20F88
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B20036
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B20F49
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B10FC3
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B10080
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B10014
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B10FD4
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B10065
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B10FE5
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B10054
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B10039
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B00018
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B00FCD
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_open

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B00FA8
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B00FDE
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF0FE5
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F70
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F8B
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0FA8
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA005B
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F31
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F4E
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F05
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F16
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00B9
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F5F
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0094
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B90F94
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B90014
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B90051
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B90040
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90FAF
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80F8B
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80F9C
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B80FD2
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80FC1
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B80FE3
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F81
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F92
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0076
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC009D
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F55
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F3A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00D3
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0F1F
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0051
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F66
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00AE
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950FCA
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00950F9E
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00950FE5
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00950011
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00950FB9
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0095005B
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00950036
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940FB7
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940042
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940FD2
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940027
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0094000C
.text C:\WINDOWS\system32\svchost.exe[1812] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1812] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\svchost.exe[1812] WININET.dll!InternetOpenUrlA

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
.text C:\WINDOWS\System32\svchost.exe[3576] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 002E002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F72
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260067
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026004A
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F2B
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600B3
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0026008E
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EFF
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F57
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F10
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035006C
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350051
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360027
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360016
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00CC0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00CC0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00CC0FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00CC0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01590000
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026004A
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260098
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F50
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F10

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F2B
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600BA
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0026005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F6B
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026002F
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600A9
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350040
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350F83
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0036006E
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360053
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360027
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360038
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01C00000
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01C0001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01C00036
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01C00FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] ws2_32.dll!socket 71AB4211 5 Bytes JMP 024D0000

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77E0D8EC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C8099C0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C864F55] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C865C7F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C86250D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812DF6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C812B7E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80FCCF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80ACAF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C85AD4C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80DE9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810800] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7E41A8AD] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7E41A610] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7E41A9B6] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [3D9BA776] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [3D94D508] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [3D949088] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [3D94DEAE] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [3D95D688] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [3D954928] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [3D9408A7] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [3D94654B] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3576] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [3D9BA87E] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)

descriptionspm/lx trojan - Page 2 EmptyRe: spm/lx trojan

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum