
Google search redirect


9 replies to this topic

#1 rjm_tts

rjm_tts

  • Members
  • 5 posts

Posted 31 July 2011 - 02:12 AM

I am having problems with Google search results being redirected to some random sites (that is, when I click on a link after a Google search, it goes to some random website; for example, I searched for 'amazon kindle for pc' on Google search and when I clicked on a link that certainly looked like the Amazon website, it was redirected to some random website). The problem occurs intermittently. Also, I had problems running some programs like Kindle PC on my computer. My computer has the Windows XP operating system. Since the problem, I have avoided Google altogether and am using Yahoo search instead. I have Symantec internet security system and the scan did not show any problems. I went to the Symantec website and they suggested to run windows power eraser and it detected three files: avifil.dll, avifil.exe and wpdmpt.exe, but the problem is not resolved. I am still getting Google redirects. I would appreciate your help in resolving the issue.

Thanks


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 31 July 2011 - 01:53 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
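The MiniToolBox boxes ticked above (proxy settings, Hosts content, IP configuration) report settings that search-redirect malware commonly tampers with. As an added example (not part of the original post and not MiniToolBox's own code), this Python script triages a report in the section layout shown in the reply that follows; the function names, the trusted resolver range, both sample reports and the "proxy enabled" wording are assumptions constructed for illustration.

```python
import ipaddress
import re

# Section banner as printed in the report, e.g. "===== Hosts content: ====="
SECTION = re.compile(r"^=+\s*(.+?):\s*=+$")
IP_TOKEN = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# The two IE proxy lines that appear in the clean report posted in this thread.
PROXY_CLEAN = {"Proxy is not enabled.", "No Proxy Server is set."}
# Assumption: resolvers the analyst expects (ISP range seen in the thread + router).
TRUSTED = ["68.105.28.0/23", "192.168.1.1/32"]

# Constructed sample modelled on the clean report in this thread.
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
Lease Obtained. . . . . . . . . . : Sunday, July 31, 2011 2:55:53 PM
"""

# Constructed sample of a tampered machine (documentation-range addresses;
# the wording of the "enabled" proxy lines is hypothetical).
SUSPECT_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.google.com

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 198.51.100.53
68.105.28.11
"""


def split_sections(report):
    """Return {section name: [non-blank lines]} keyed by the banner text."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            current = sections.setdefault(banner.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections


def hosts_findings(lines):
    """Flag every Hosts entry other than the loopback 'localhost' mapping."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append(f"hosts: unparsable address {addr!r}")
            continue
        for name in names:
            if not (loopback and name.lower() == "localhost"):
                findings.append(f"hosts: {name} -> {addr}")
    return findings


def dns_servers(lines):
    """Collect resolver IPs, including the bare continuation lines ipconfig prints."""
    servers, in_dns = [], False
    for line in lines:
        if line.startswith("DNS Servers"):
            in_dns = True
            servers += IP_TOKEN.findall(line.partition(":")[2])
        elif in_dns and IP_TOKEN.fullmatch(line):
            servers.append(line)
        else:
            in_dns = False
    return servers


def triage(report, trusted_resolvers):
    """Return a list of findings that deserve a closer look; empty means none."""
    sections = split_sections(report)
    findings = [f"proxy: review {line!r}"
                for line in sections.get("IE Proxy Settings", [])
                if line not in PROXY_CLEAN]
    findings += hosts_findings(sections.get("Hosts content", []))
    trusted = [ipaddress.ip_network(net) for net in trusted_resolvers]
    for ip in dict.fromkeys(dns_servers(sections.get("IP Configuration", []))):
        try:
            ok = any(ipaddress.ip_address(ip) in net for net in trusted)
        except ValueError:
            ok = False
        if not ok:
            findings.append(f"dns: resolver {ip} is not in the trusted list")
    return findings


if __name__ == "__main__":
    for name, text in (("clean", CLEAN_REPORT), ("suspect", SUSPECT_REPORT)):
        print(name, triage(text, TRUSTED))
```

An empty result only means these three settings look untouched; it says nothing about rootkit-level redirection, which is what the GMER scan is for.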

 


#3 rjm_tts

rjm_tts
  • Topic Starter

  • Members
  • 5 posts

Posted 31 July 2011 - 11:32 PM

Thank you very much for your help. All the programs ran smoothly without any errors or issues while they were running. I have posted the log files for the various programs below:

1) Security check log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee VirusScan Enterprise
Norton Internet Security
McAfee Agent
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 16
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
McAfee VirusScan Enterprise EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise Mcshield.exe
``````````End of Log````````````

2) MiniToolBox log

MiniToolBox by Farbar
Ran by xxx (administrator) on 31-07-2011 at 15:12:44
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : VBUS96
Primary Dns Suffix . . . . . . . : xxx.edu
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx.edu
xx.cox.net
xx.cox.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : xx.cox.net
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : xx-60-76-58-7A-EB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
Lease Obtained. . . . . . . . . . : Sunday, July 31, 2011 2:55:53 PM
Lease Expires . . . . . . . . . . : Monday, August 01, 2011 2:55:53 PM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xx.cox.net
Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : xx-24-E8-BE-91-0A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
Lease Obtained. . . . . . . . . . : Sunday, July 31, 2011 10:15:15 AM
Lease Expires . . . . . . . . . . : Monday, August 01, 2011 10:15:15 AM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com.xxx.edu
Address: 72.215.225.9

Pinging google.com [74.125.91.104] with 32 bytes of data:

Reply from 74.125.91.104: bytes=32 time=111ms TTL=52
Reply from 74.125.91.104: bytes=32 time=119ms TTL=52

Ping statistics for 74.125.91.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 119ms, Average = 115ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com.xxx.edu
Address: 72.215.225.9

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=91ms TTL=55
Reply from 67.195.160.76: bytes=32 time=91ms TTL=55

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 91ms, Average = 91ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...0c 60 76 58 7a eb ...... Dell Wireless 1397 WLAN Mini-Card - Packet Scheduler Miniport
0x3 ...00 24 e8 be 91 0a ...... Intel® 82567LM Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.103 192.168.1.103 20
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 20
192.168.1.0 255.255.255.0 192.168.1.104 192.168.1.104 25
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.104 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 20
192.168.1.255 255.255.255.255 192.168.1.104 192.168.1.104 25
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 20
224.0.0.0 240.0.0.0 192.168.1.104 192.168.1.104 25
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
255.255.255.255 255.255.255.255 192.168.1.104 192.168.1.104 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/30/2011 06:27:35 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Error: (07/29/2011 02:25:26 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Error: (07/29/2011 00:46:55 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Error: (07/29/2011 00:46:06 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/29 12:46:06.500]: [00000688]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[129.7.28.68]

Error: (07/29/2011 00:45:54 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Error: (07/29/2011 00:45:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/29 12:45:05.296]: [00000688]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[129.7.28.68]

Error: (07/29/2011 00:44:04 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/29 12:44:04.093]: [00000688]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[129.7.28.68]

Error: (07/29/2011 00:43:02 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/29 12:43:02.875]: [00000688]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[129.7.28.68]

Error: (07/29/2011 00:42:01 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/29 12:42:01.656]: [00000688]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[129.7.28.68]

Error: (07/29/2011 00:41:00 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2011/07/29 12:41:00.437]: [00000688]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[129.7.28.68]


System errors:
=============
Error: (07/31/2011 03:11:45 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 02:55:56 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 02:55:52 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 02:55:16 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 02:55:16 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 02:55:16 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain xxx due to the following:
%%1722.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (07/31/2011 00:04:17 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 11:04:16 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 10:34:17 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (07/31/2011 10:19:17 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (02/25/2011 00:46:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 770595 seconds with 32460 seconds of active time. This session ended with a crash.

Error: (11/26/2010 10:03:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 189798 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/15/2010 10:26:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33238 seconds with 3720 seconds of active time. This session ended with a crash.

Error: (08/31/2010 05:00:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 843301 seconds with 20400 seconds of active time. This session ended with a crash.

Error: (04/14/2010 04:14:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 118602 seconds with 480 seconds of active time. This session ended with a crash.

Error: (11/03/2009 11:34:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 129796 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/01/2009 11:31:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25076 seconds with 120 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3571.84 MB
Available physical RAM: 2378.2 MB
Total Pagefile: 5452.8 MB
Available Pagefile: 4518.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.12 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:80.23 GB) NTFS

========================= Users: ========================================

User accounts for \\VBUS96

Administrator Guest HelpAssistant
SUPPORT_388945a0


== End of log ==

3) MBAM log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7336

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/31/2011 3:24:18 PM
mbam-log-2011-07-31 (15-24-18).txt

Scan type: Quick scan
Objects scanned: 218646
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------ end of MBAM log-----------------

4) GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-31 21:46:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160314AS rev.0003DEM1
Running: 0bjltk0n.exe; Driver: C:\DOCUME~1\XXX~1\LOCALS~1\Temp\fwtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT 8A9F6A78 ZwAlertResumeThread
SSDT 8A8E68A8 ZwAlertThread
SSDT 89FFDCD8 ZwAllocateVirtualMemory
SSDT 8A9D4A78 ZwAssignProcessToJobObject
SSDT 8A311A60 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB7E43710]
SSDT 8AC08B00 ZwCreateMutant
SSDT 8ABDBC68 ZwCreateSymbolicLinkObject
SSDT 8ADF2E08 ZwCreateThread
SSDT 8A9DEA78 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB7E43990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB7E43EF0]
SSDT 8A87C348 ZwDuplicateObject
SSDT 8ABD3B18 ZwFreeVirtualMemory
SSDT 8AA02A78 ZwImpersonateAnonymousToken
SSDT 8AA04A78 ZwImpersonateThread
SSDT 8AE47008 ZwLoadDriver
SSDT 8AE15E08 ZwMapViewOfSection
SSDT 8A9ABA78 ZwOpenEvent
SSDT 8AB9CCA0 ZwOpenProcess
SSDT 8AB9CE68 ZwOpenProcessToken
SSDT 8AA2BA78 ZwOpenSection
SSDT 8ABF0B40 ZwOpenThread
SSDT 8A0951E8 ZwProtectVirtualMemory
SSDT 8A9EBA78 ZwResumeThread
SSDT 8AB2ACA0 ZwSetContextThread
SSDT 8AA7AC90 ZwSetInformationProcess
SSDT 8A9E6A78 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB7E44140]
SSDT 8A82B108 ZwSuspendProcess
SSDT 8A885108 ZwSuspendThread
SSDT 8AA01A78 ZwTerminateProcess
SSDT 8A9DFA78 ZwTerminateThread
SSDT 8AB16C80 ZwUnmapViewOfSection
SSDT 8AD48CD0 ZwWriteVirtualMemory

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xB9C771C2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9C77020]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9C77034]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9C7712E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9C77118]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9C77144]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9C77200]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9C77170]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9C77072]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9C76FE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9C76FF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9C771AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9C77102]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9C770EC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9C770AE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9C77198]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9C77184]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9C7704A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9C7715A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9C771EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CC8 80504564 4 Bytes [78, EA, 9D, 8A]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E08 805046A4 4 Bytes CALL 86DA4FFA
.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9C771EE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 805790A8 5 Bytes JMP B9C771C6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9C77204 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9C76FE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9C76FFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE8A 5 Bytes JMP B9C7704E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B9C77038 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1230 5 Bytes JMP B9C77024 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80622314 7 Bytes JMP B9C770F0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 8062298C 7 Bytes JMP B9C7715E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062323E 7 Bytes JMP B9C77106 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9C770B2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8062493C 7 Bytes JMP B9C77132 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80624BA6 7 Bytes JMP B9C7711C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9C77076 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80625810 7 Bytes JMP B9C771B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625AD0 5 Bytes JMP B9C77188 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 80625F20 7 Bytes JMP B9C77148 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 806261C4 5 Bytes JMP B9C7719C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806262DE 5 Bytes JMP B9C77174 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9589380, 0x381B8D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E9000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90093
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90F9E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90078
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90FAF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F57
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F68
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F17
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900BA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90F06
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F83
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90040
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 771D5BC2 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06020FEF
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 06020058
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 06020F63
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 06020F74
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0602003D
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0602002C
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 06020F35
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 06020F46
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 060200B3
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 06020F24
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 06020EFF
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 06020F9B
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06020000
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 06020073
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0602001B
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 06020FCA
.text C:\WINDOWS\System32\svchost.exe[1904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 060200A2
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 06010FC3
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 06010F86
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 06010FD4
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 06010FE5
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 06010F97
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 06010000
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 06010FB2
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [21, 8E]
.text C:\WINDOWS\System32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 06010039
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 06000F75
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!system 77C293C7 5 Bytes JMP 06000F86
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 06000000
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 06000FEF
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 06000FAB
.text C:\WINDOWS\System32\svchost.exe[1904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 06000FD2
.text C:\WINDOWS\System32\svchost.exe[1904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 05FE000A
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 05FF0011
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 05FF0000
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 05FF0038
.text C:\WINDOWS\System32\svchost.exe[1904] WININET.dll!InternetOpenUrlW 771D5BC2 5 Bytes JMP 05FF0FE5
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650089
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065006E
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006500D2
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500B7
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500F4
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F65
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0065010F
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0065009A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650014
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500E3
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0064003D
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640073
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640058
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FD1
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FA3
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!system 77C293C7 5 Bytes JMP 0063002E
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FC8
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F26
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F41
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F68
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F79
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0EEE
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F09
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EC9
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B006C
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0EB8
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[2128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B005B
.text C:\WINDOWS\system32\wuauclt.exe[2128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F90
.text C:\WINDOWS\system32\wuauclt.exe[2128] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[2128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[2128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\wuauclt.exe[2128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FB5
.text C:\WINDOWS\system32\wuauclt.exe[2128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FC6
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F79
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\wuauclt.exe[2128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0025
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0069
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F74
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F85
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAC
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004E
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0097
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A007A
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00CD
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00BC
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00E8
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FC7
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F4F
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A003D
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A002C
.text C:\WINDOWS\System32\svchost.exe[3264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F34
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290047
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290098
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029002C
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290073
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290062
.text C:\WINDOWS\System32\svchost.exe[3264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FDB
.text C:\WINDOWS\System32\svchost.exe[3264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F77
.text C:\WINDOWS\System32\svchost.exe[3264] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F9C
.text C:\WINDOWS\System32\svchost.exe[3264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E000C
.text C:\WINDOWS\System32\svchost.exe[3264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[3264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FB7
.text C:\WINDOWS\System32\svchost.exe[3264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD2
.text C:\WINDOWS\System32\svchost.exe[3264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0FEF
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 01E8003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 01E800F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 01E803D2
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 01E801B0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01E8031C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 01E80488
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 01E80266
.text C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe[5904] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Thanks again for your prompt help.

#4 Broni

Posted 31 July 2011 - 11:52 PM

You're running two AV programs:
McAfee VirusScan Enterprise
Norton Internet Security

One of them has to go.
Let me know which you want to keep.

Does the redirection happen in both browsers?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

=========================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#5 rjm_tts

Posted 02 August 2011 - 07:35 AM

Thanks for the quick response. McAfee was installed by my employer and I installed Norton Internet Security for internet. I will get rid of Norton, but I am concerned about browsing the internet safely.

I completed the two scans and the logs are below:

1) Rootkit unhooker scan:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9589000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6602752 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 176.26 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6275072 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 176.26 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xABFDE000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110801.049\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0xB8005000 C:\WINDOWS\system32\drivers\sthda.sys 1323008 bytes (IDT, Inc., IDT PC Audio)
0xAEAF5000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1290240 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB7A54000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys 831488 bytes (Symantec Corporation, BASH Driver)
0xB9DA9000 SYMEFA.SYS 765952 bytes
0xB9CEF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5194000 C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0xB7BFB000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xB7CCA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7C6C000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB927D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xABF70000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110801.030\IDSxpx86.sys 368640 bytes (Symantec Corporation, IDS Core Driver)
0xB7E79000 C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xB7ED2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB6031000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9E76000 SYMDS.SYS 356352 bytes
0xB9C56000 mfehidk.sys 335872 bytes (McAfee, Inc., McAfee Link Driver)
0xBF60E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4B18000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAEC50000 C:\WINDOWS\system32\DRIVERS\e1y5132.sys 253952 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 5.1 deserialized driver)
0xB9303000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB6179000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CC2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xACC00000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB7D3A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB94EB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB7DAB000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB7E53000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB7E2D000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0xB7D65000 C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0xB7FE1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9513000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9379000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB7D89000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ECD000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB935B000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB7BDD000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB7B1F000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB7FC6000 C:\WINDOWS\system32\drivers\AESTAud.sys 110592 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xB9CA8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB069E000 C:\DOCUME~1\xxx~1\LOCALS~1\Temp\fwtdypoc.sys 102400 bytes
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB658F000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7A3C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7F53000 C:\WINDOWS\system32\Drivers\RCFOX.sys 98304 bytes (SonicWALL, Inc., SonicWALL VPN Client IPSec Driver for Windows 98/Me/NT/2000/XP/Vista/Pocket PC)
0xB9D7C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9344000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB65A7000 C:\WINDOWS\system32\DRIVERS\WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB65BE000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB6579000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9D93000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB52BA000 C:\WINDOWS\system32\drivers\mfeavfk.sys 86016 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB62E4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xABFCA000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110801.049\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB939C000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB9575000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB7F6B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E64000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB52CF000 C:\WINDOWS\system32\drivers\mfeapfk.sys 69632 bytes (McAfee, Inc., Access Protection Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9333000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA208000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA178000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0xB667C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA228000 C:\WINDOWS\system32\drivers\mfetdik.sys 57344 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB2334000 C:\WINDOWS\System32\Drivers\usbaapl.sys 57344 bytes (Apple, Inc., Apple Mobile Device USB Driver)
0xBA278000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA148000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA288000 C:\WINDOWS\system32\DRIVERS\usbccid.sys 49152 bytes (Microsoft Corporation, USB CCID Driver)
0xBA268000 C:\WINDOWS\System32\Drivers\cvusbdrv.sys 45056 bytes (Broadcom Corporation, Broadcom Credential Vault USB Driver)
0xBA258000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA118000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA248000 C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0xB7B9D000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAE481000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB53D0000 C:\WINDOWS\system32\drivers\mfebopk.sys 36864 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA238000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA470000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA380000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA458000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA330000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA450000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA418000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA460000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA468000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA338000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0xBA340000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA430000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA4A0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9C1A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB66F8000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9BE1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB6569000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB92E3000 C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xAE79B000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB814C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB8164000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB8160000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9C0E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9C16000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5F2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5E4000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA614000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA606000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5F0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5F4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5F6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E6000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA5E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5EC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7AB000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA70B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA702000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
2) Aswmbr scan:

When I clicked on the exe file, the program asked me to download Avasti (sp?) anti virus program for better detection of virus definitions or something. I did not download this and proceeded further to the scan. The scan log is below:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-02 07:23:55
-----------------------------
07:23:55.578 OS Version: Windows 5.1.2600 Service Pack 3
07:23:55.578 Number of processors: 2 586 0x170A
07:23:55.578 ComputerName: VBUS96 UserName:
07:23:59.109 Initialize success
07:25:20.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:25:20.328 Disk 0 Vendor: ST9160314AS 0003DEM1 Size: 152627MB BusType: 3
07:25:20.359 Disk 0 MBR read successfully
07:25:20.359 Disk 0 MBR scan
07:25:20.359 Disk 0 Windows XP default MBR code
07:25:20.375 Disk 0 scanning sectors +312560640
07:25:20.562 Disk 0 scanning C:\WINDOWS\system32\drivers
07:25:53.062 Service scanning
07:25:56.750 Modules scanning
07:27:00.812 Disk 0 trace - called modules:
07:27:00.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
07:27:00.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0b1ab8]
07:27:00.859 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b0b5b00]
07:27:00.859 Scan finished successfully
07:27:47.656 Disk 0 MBR has been saved successfully to "C:\"
07:27:47.671 The log file has been saved successfully to "C:"

Thanks again for your help.

#6 Broni

Posted 02 August 2011 - 06:46 PM

Since McAfee VirusScan Enterprise was installed by your employer, leave it there.
You can't be running two AV programs, so uninstall Norton using this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

Is this computer the property of your employer?
Do you have permission to make changes to it?

Is the redirection present in both browsers?

#7 rjm_tts

Posted 02 August 2011 - 10:00 PM

Thanks for your help. Yes, the computer is the property of my employer, but I can install programs. I have not tried IE because I have never used it. I always use Firefox.

#8 Broni

Posted 02 August 2011 - 10:02 PM

Did you uninstall Norton?

I want you to fire up IE and see if you have the same problem there.

#9 rjm_tts

Posted 05 August 2011 - 05:56 AM

Yes, I have uninstalled Norton. I am concerned about internet security. Does McAfee provide internet security while browsing the internet? I have never used IE before; do you want me to download the recent version before trying?

Thanks

#10 Broni

Posted 05 August 2011 - 06:51 PM

There is no perfect security program. If your computing habits are safe, you'll be perfectly fine with McAfee.

Internet Explorer is present on every computer.
Start>All Programs>Internet Explorer
