Firefox Won't Start, Linked to a Continuous Page File Increase


  • This topic is locked
18 replies to this topic

#1 Kawaja

Posted 01 March 2009 - 11:20 AM

So back in early December, I became unable to start Firefox. Any time I would try and start it, the process firefox.exe would appear for a split second in the Task Manager and then disappear. I tried a clean reinstall to no avail. I also discovered that my PF Usage in the Task Manager would keep climbing the longer I left my computer on, until it would top out at over 4 gigs (I have 2 gigs of RAM, in case it matters) and I would have to restart. At first I thought these problems were unrelated, but then around Christmas they both (for lack of a better term) resolved themselves. Firefox worked again, and my PF usage stayed at a reasonable level.

Fast forward to about a month ago when both of these issues reappear on the same day, so now I'm pretty convinced they're linked. In the midst of all this I had a problem where CHKDSK ran on startup, deleted a file (corrupt attribute record (128, " ") from file record segment 139394), and then would hang every time on startup, so I had to repair my Windows installation (which worked, but I wanted to include that here in case it's related).

I don't really know if this is malware, a virus, or something else that's causing this. Any help you can give would be greatly appreciated. Thanks!


#2 rigel

Posted 01 March 2009 - 01:48 PM

Hi and welcome to BleepingComputer :thumbsup:

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 Kawaja

Posted 01 March 2009 - 07:34 PM

Thanks for the response! Under the "System Startup" tab in Spybot, I didn't see anything that said "TeaTimer", but I did uncheck the "Resident TeaTimer" box.

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 3

3/1/2009 7:20:39 PM
mbam-log-2009-03-01 (19-20-39).txt

Scan type: Quick Scan
Objects scanned: 81354
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#4 rigel

Posted 01 March 2009 - 10:18 PM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


#5 Kawaja

Posted 02 March 2009 - 01:02 AM

SDFix: Version 1.240
Run by Ben Jarvis on Mon 03/02/2009 at 12:02 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :

#6 rigel

Posted 02 March 2009 - 10:52 AM

Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#7 Kawaja

Posted 02 March 2009 - 07:17 PM

Firefox briefly worked after the SDFix scan and before rebooting for the SUPERAntiSpyware scan, but now doesn't again. Thanks for your continued help!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2009 at 02:28 PM

Application Version : 4.25.1014

Core Rules Database Version : 3780
Trace Rules Database Version: 1738

Scan type : Complete Scan
Total Scan Time : 02:00:51

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 8307
Registry threats detected : 12
File items scanned : 200971
File threats detected : 0

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
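
Added example, not part of the original thread and not code from any of the tools used in it: the two logs above report the same driver under different registry branches and with different hive spellings. The first scan deleted the `Services\oreans32` keys; the second still lists `Enum\Root\LEGACY_OREANS32`, the branch where Windows XP records a legacy (non-Plug-and-Play) driver service. The script normalises both notations and groups the findings by driver name so that residue left after a cleanup stands out. The function names and scan labels are assumptions made for this example; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Sample input: registry lines copied from the two scan logs posted above.
MBAM_LINES = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.",
]
SAS_LINES = [
    r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32",
    r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance",
    r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000",
    r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service",
]
# Scans in the order they were run; the labels are hypothetical.
SCANS = [("MBAM 2009-03-01", MBAM_LINES), ("SAS 2009-03-02", SAS_LINES)]

# Accept both hive spellings and any control set, then capture the branch
# (Services or Enum\Root) and the key name directly below it. The name stops
# at a backslash, '#', '(' or whitespace, which is enough for these two log
# formats (assumption: the service name itself contains no spaces).
KEY_RE = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKLM)\\SYSTEM\\"
    r"(ControlSet\d{3}|CurrentControlSet)\\"
    r"(Services|Enum\\Root)\\"
    r"([^\\#\s(]+)",
    re.IGNORECASE,
)


def classify(line):
    """Return (driver_name, kind, control_set) for a driver-related key, else None."""
    match = KEY_RE.match(line.strip())
    if not match:
        return None
    control_set, branch, leaf = match.groups()
    if branch.lower() == "services":
        return leaf.lower(), "service", control_set
    if leaf.upper().startswith("LEGACY_"):
        # Enum\Root\LEGACY_<NAME> mirrors the service called <NAME>.
        return leaf[len("LEGACY_"):].lower(), "legacy_enum", control_set
    return None


def summarize(scans):
    """Map driver name -> scan label -> sorted list of (kind, control_set)."""
    seen = defaultdict(lambda: defaultdict(set))
    for label, lines in scans:
        for line in lines:
            hit = classify(line)
            if hit:
                name, kind, control_set = hit
                seen[name][label].add((kind, control_set))
    return {
        name: {label: sorted(found) for label, found in per_scan.items()}
        for name, per_scan in seen.items()
    }


def residue_after_cleanup(scans):
    """Driver names the first scan reported that a later scan still reports."""
    first_label = scans[0][0]
    return sorted(
        name
        for name, per_scan in summarize(scans).items()
        if first_label in per_scan and len(per_scan) > 1
    )


if __name__ == "__main__":
    for name, per_scan in summarize(SCANS).items():
        print(name)
        for label, found in per_scan.items():
            print("  ", label, found)
    print("still present after first cleanup:", residue_after_cleanup(SCANS))
```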

#8 rigel

Posted 02 March 2009 - 07:22 PM

Yes... this malware doesn't like to die. The tools give us windows, but we still have a ways to go.

Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
(Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use.
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab).
  • Answer Yes to install and download the ActiveX controls that allow the scan to run.
  • Click Start. (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, check: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan to start the online scan. (this could take some time to complete)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


#9 Kawaja

Posted 03 March 2009 - 12:35 AM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3902 (20090302)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=34ecaf15751d33489bfd6c44ec878b1e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-03 05:29:36
# local_time=2009-03-03 12:29:36 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=846294
# found=4
# scan_time=13468
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent25.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent55.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Music\Death Cab for Cutie\Narrow Stairs\05 - Talking Bird.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 5938E4D8C5D8104F0A1BA29191844DAA
C:\Music\Death Cab for Cutie\Narrow Stairs\08 - Your New Twin Sized Bed.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 315C1893ED4AAB7B02F17973B60F8249

#10 rigel

Posted 03 March 2009 - 09:39 AM

ESET did its job - good.

Please rescan with SuperAntiSpyware and update and rescan with Malwarebytes. Please temporarily disconnect your internet connection while the scan is running. Reconnect when complete and post their logs. Hopefully we will see 0's.


#11 DaChew

Posted 03 March 2009 - 10:22 AM

http://www.threatexpert.com/report.aspx?md...13c6296cd5941b2

Looks quite nasty
Chewy

No. Try not. Do... or do not. There is no try.

#12 Kawaja

Posted 03 March 2009 - 11:28 PM

These scans look pretty clean, but Firefox still won't run after a reboot.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/03/2009 at 10:58 PM

Application Version : 4.25.1014

Core Rules Database Version : 3782
Trace Rules Database Version: 1739

Scan type : Complete Scan
Total Scan Time : 03:05:13

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 8297
Registry threats detected : 0
File items scanned : 201175
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Ben Jarvis\Cookies\ben_jarvis@ehg-eset.hitbox[1].txt
C:\Documents and Settings\Ben Jarvis\Cookies\ben_jarvis@doubleclick[1].txt
C:\Documents and Settings\Ben Jarvis\Cookies\ben_jarvis@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Ben Jarvis\Cookies\ben_jarvis@hitbox[2].txt




Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/3/2009 11:11:58 PM
mbam-log-2009-03-03 (23-11-58).txt

Scan type: Quick Scan
Objects scanned: 77377
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Kawaja, 04 March 2009 - 12:30 AM.


#13 rigel

Posted 04 March 2009 - 07:26 PM

We may have to reinstall Firefox to correct all the issues. But before that, please run one more scanner.

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.


#14 Kawaja

Posted 04 March 2009 - 10:12 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-04 22:03:59
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xB9ECE0B0]
SSDT 89334109 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xB9ED3A92]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED3E20]
SSDT sptd.sys ZwOpenKey [0xB9ECE090]
SSDT sptd.sys ZwQueryKey [0xB9ED3EF8]
SSDT sptd.sys ZwQueryValueKey [0xB9ED3D78]
SSDT sptd.sys ZwSetValueKey [0xB9ED3F8A]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B82428AC 5 Bytes JMP 89DE6538
? System32\Drivers\a44679fu.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
? C:\WINDOWS\system32\svchost.exe[4020] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: quartz.dllunknown module: wsock32.dllunknown module: version.dllunknown module: oleaut32.dllunknown module: oleaut32.dll
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] wininet.dll!InternetReadFile 7806ABB4 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] wininet.dll!InternetOpenA 7806C865 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[4020] wininet.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WS2_32.dll!select 71AB30A8 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WS2_32.dll!bind 71AB4480 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WS2_32.dll!send 71AB4C27 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WS2_32.dll!recv 71AB676F 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[4688] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ECEAB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ECEBFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ECEB7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ECF728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ECF5FE] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 0271B6B2
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 02715F24
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0271AA40
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 0271C05F
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 027174A3
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 02715BE0
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 02711E8E
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 02717E73
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 0271CDA9
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 02718183
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 02716122
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 02714C23
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 0271FB3A
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 0271A926
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 02718FB3
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 02712ADE
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 02718E23
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 02715A5D
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 027207E2
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 0271A6B1
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 0271C463
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 02717220
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 0271FBF2
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 0271D113
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 02713C3A
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 02712F59
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 027189FB
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 02717698
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 0271367B
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 027170E0
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 02713EDA
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 02717AC0
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 02718E9A
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 02715A54
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 02718F34
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 02714B54
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] 027194A5
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 0271D026
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 0271B6FD
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 027157ED
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 0271A8F5
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 0271C997
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 02719B78
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 027183F2
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 0271BE39
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 02716D3B
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 0271D89D
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 02719B6D
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 0271AE66
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 02718A2B
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 027176F4
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 02715DDD
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 0271C855
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 02719F7B
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 027149D3
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 02713B26
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 0271A706
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 02718BB0
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 027177E1
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 02718335
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 0271ADC6
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 027180A0
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 02719596
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0271E245
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 02717EB9
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0271973A
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 0271E2E4
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 02718CCF
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 0271788D
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 027182E7
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 02712FEE
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 02716DC6
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0271B1C4
IAT C:\WINDOWS\system32\svchost.exe[4020] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0271E285

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A8961E8

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Fastfat \FatCdrom 89C0B5E0

AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 89DFF980
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8981E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8981E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8981E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8981E8
Device \Driver\usbuhci \Device\USBPDO-1 89DFF980
Device \Driver\usbehci \Device\USBPDO-2 89E3A980
Device \Driver\usbuhci \Device\USBPDO-3 89DFF980
Device \Driver\usbuhci \Device\USBPDO-4 89DFF980

AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A90A1E8
Device \Driver\PCI_NTPNP0960 \Device\00000058 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A90A1E8
Device \Driver\Cdrom \Device\CdRom0 89DD7980
Device \Driver\Cdrom \Device\CdRom1 89DD7980
Device \Driver\iastor \Device\Ide\iaStor0 8A8971E8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 8A8971E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A90A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89CB2588
Device \Driver\NetBT \Device\NetbiosSmb 89CB2588

AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 89DFF980
Device \Driver\usbuhci \Device\USBFDO-1 89DFF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CCE288
Device \Driver\usbuhci \Device\USBFDO-2 89DFF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CCE288
Device \Driver\usbuhci \Device\USBFDO-3 89DFF980
Device \Driver\usbehci \Device\USBFDO-4 89E3A980
Device \Driver\Ftdisk \Device\FtControl 8A90A1E8
Device \Driver\a44679fu \Device\Scsi\a44679fu1Port2Path0Target0Lun0 89D51470
Device \Driver\a44679fu \Device\Scsi\a44679fu1 89D51470
Device \FileSystem\Fastfat \Fat 89C0B5E0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Cdfs \Cdfs 89C0A7F0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -381696218
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1035492485
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x99 0x9E 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x1D 0xE3 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x85 0x4B 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x84 0xA0 0xCA 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x99 0x9E 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x1D 0xE3 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x85 0x4B 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x84 0xA0 0xCA 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x99 0x9E 0x87 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x1D 0xE3 0x82 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2F 0x5F 0xC2 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x84 0xA0 0xCA 0xEF ...

---- EOF - GMER 1.0.14 ----

#15 rigel


Posted 04 March 2009 - 10:21 PM

I need some time to review this report. Back to you shortly.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




