
Web redirect issue


7 replies to this topic

#1 cher d

Posted 21 January 2012 - 02:55 AM

Hello-

My laptop is infected with a virus that redirects me from google, yahoo, and other search results to other websites. Also, I get an error message and am blocked from your website when I enter your web address (bleepingcomputer.com) directly in the address bar. I've scanned and removed infections with MBAB several times but the redirecting issue is still there. Infections are found each time I scan with MBAB.

Thanks,

Cher

Edited by cher d, 21 January 2012 - 02:56 AM.




#2 narenxp


Posted 21 January 2012 - 03:16 AM

Download

TDSSkiller

Launch it. Click on "Scan". Please post the log report.


Download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Good luck
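As an added example (not part of the original thread and not the tool's own code): a TDSSKiller log is mostly per-driver lines ending in "- ok", so triage means pulling out the few entries that are not. The sketch below parses the line format seen in the TDSSKiller 2.7.6.0 log posted in this thread; the sample lines, the `exampledrv` service name and its hashes are constructed, and `triage` and `Finding` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the TDSSKiller log line format
# (time, thread id, then the message). Hashes are placeholders.
SAMPLE_LOG = r"""
03:54:36.0093 5532 ACPI (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:54:36.0093 5532 ACPI - ok
03:54:36.0125 5532 Abiosdsk - ok
03:54:38.0171 5532 exampledrv (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
03:54:38.0171 5532 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
03:54:38.0171 5532 exampledrv ( Virus.Win32.ZAccess.k ) - infected
03:54:38.0171 5532 exampledrv - detected Virus.Win32.ZAccess.k (0)
03:54:38.0187 5532 iaStor (44444444444444444444444444444444) C:\WINDOWS\system32\DRIVERS\iaStor.sys
03:54:38.0187 5532 iaStor - ok
"""

# Every line starts with "HH:MM:SS.ffff <thread-id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
_MD5 = r"[0-9a-f]{32}"
_ENTRY = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>" + _MD5 + r")\) (?P<path>.+)$")
_OK = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
_FORGED = re.compile(
    _PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>" + _MD5 + r"), Fake md5: (?P<fake>" + _MD5 + r")$"
)
_INFECTED = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - infected$")


@dataclass
class Finding:
    name: str
    path: Optional[str] = None
    verdict: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


def triage(log_text: str) -> Tuple[List[Finding], int]:
    """Return (findings, clean_count) for a TDSSKiller log.

    The "Suspicious file (Forged)" line names only the file path, so it is
    tied back to its service through the preceding entry line's path.
    """
    name_by_path = {}   # lower-cased file path -> service name
    path_by_name = {}   # service name -> file path as logged
    findings = {}       # service name -> Finding, in order of appearance
    clean = 0

    def finding_for(name: str) -> Finding:
        if name not in findings:
            findings[name] = Finding(name=name, path=path_by_name.get(name))
        return findings[name]

    for raw in log_text.splitlines():
        line = raw.strip()
        m = _FORGED.match(line)
        if m:
            # Fall back to the path itself if no entry line was seen for it.
            name = name_by_path.get(m["path"].lower(), m["path"])
            f = finding_for(name)
            f.path = f.path or m["path"]
            f.real_md5, f.fake_md5 = m["real"], m["fake"]
            continue
        m = _INFECTED.match(line)
        if m:
            finding_for(m["name"]).verdict = m["verdict"]
            continue
        m = _ENTRY.match(line)
        if m:
            name_by_path[m["path"].lower()] = m["name"]
            path_by_name[m["name"]] = m["path"]
            continue
        if _OK.match(line):
            clean += 1
    return list(findings.values()), clean


if __name__ == "__main__":
    found, clean_count = triage(SAMPLE_LOG)
    print(f"{clean_count} entries ok, {len(found)} flagged")
    for f in found:
        print(f"  {f.name}: {f.verdict} at {f.path}")
        if f.fake_md5:
            print(f"    real md5 {f.real_md5}, fake md5 {f.fake_md5}")
```
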

#3 cher d


Posted 21 January 2012 - 08:01 AM

Hi Narenxp- Thanks for your help. Here are logs from the TDSSKILLER and AVAST scans. The GMER are in the next post.

TDSSKILLER

03:54:30.0109 6904 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
03:54:32.0109 6904 ============================================================
03:54:32.0109 6904 Current date / time: 2012/01/21 03:54:32.0109
03:54:32.0109 6904 SystemInfo:
03:54:32.0109 6904
03:54:32.0109 6904 OS Version: 5.1.2600 ServicePack: 3.0
03:54:32.0109 6904 Product type: Workstation
03:54:32.0109 6904 ComputerName: MCOP-R8W0L52
03:54:32.0109 6904 UserName: cdavis
03:54:32.0109 6904 Windows directory: C:\WINDOWS
03:54:32.0109 6904 System windows directory: C:\WINDOWS
03:54:32.0109 6904 Processor architecture: Intel x86
03:54:32.0109 6904 Number of processors: 4
03:54:32.0109 6904 Page size: 0x1000
03:54:32.0109 6904 Boot type: Normal boot
03:54:32.0109 6904 ============================================================
03:54:32.0531 6904 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
03:54:32.0531 6904 Initialize success
03:54:35.0734 5532 ============================================================
03:54:35.0734 5532 Scan started
03:54:35.0734 5532 Mode: Manual;
03:54:35.0734 5532 ============================================================
03:54:38.0171 5532 i8042prt (cad683072c7cfb294ca76e974db475af) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:54:38.0171 5532 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: cad683072c7cfb294ca76e974db475af, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
03:54:38.0171 5532 i8042prt ( Virus.Win32.ZAccess.k ) - infected
03:54:38.0171 5532 i8042prt - detected Virus.Win32.ZAccess.k (0)
03:54:46.0265 5532 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
03:54:46.0265 5532 viaagp - ok
03:54:46.0281 5532 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
03:54:46.0281 5532 ViaIde - ok
03:54:46.0296 5532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:54:46.0296 5532 VolSnap - ok
03:54:46.0328 5532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:54:46.0328 5532 Wanarp - ok
03:54:46.0343 5532 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
03:54:46.0421 5532 Wdf01000 - ok
03:54:46.0437 5532 WDICA - ok
03:54:46.0453 5532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:54:46.0453 5532 wdmaud - ok
03:54:46.0484 5532 winachsf (e08ca06bd56b66d6565123445adb37a6) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
03:54:46.0531 5532 winachsf - ok
03:54:46.0562 5532 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
03:54:46.0562 5532 WmiAcpi - ok
03:54:46.0593 5532 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
03:54:46.0593 5532 WpdUsb - ok
03:54:46.0609 5532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:54:46.0625 5532 WSTCODEC - ok
03:54:46.0625 5532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:54:46.0640 5532 WudfPf - ok
03:54:46.0656 5532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:54:46.0656 5532 WudfRd - ok
03:54:46.0687 5532 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
03:54:46.0687 5532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
03:54:46.0687 5532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
03:54:46.0687 5532 Boot (0x1200) (594be009603b286a0a18385f9613497d) \Device\Harddisk0\DR0\Partition0
03:54:46.0687 5532 \Device\Harddisk0\DR0\Partition0 - ok
03:54:46.0687 5532 ============================================================
03:54:46.0687 5532 Scan finished
03:54:46.0687 5532 ============================================================
03:54:46.0703 4012 Detected object count: 2
03:54:46.0703 4012 Actual detected object count: 2
03:55:20.0687 4012 Backup copy found, using it..
03:55:21.0453 4012 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
03:55:22.0031 4012 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
03:55:22.0031 4012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
03:55:22.0046 4012 \Device\Harddisk0\DR0 - ok
03:55:22.0046 4012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
---------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 07:30:59
-----------------------------
07:30:59.046 OS Version: Windows 5.1.2600 Service Pack 3
07:30:59.046 Number of processors: 4 586 0x2505
07:30:59.046 ComputerName: MCOP-R8W0L52 UserName: cdavis
07:30:59.531 Initialize success
07:41:51.515 AVAST engine defs: 12012100
07:43:13.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:43:13.125 Disk 0 Vendor: SAMSUNG_ AXM0 Size: 122104MB BusType: 3
07:43:13.171 Disk 0 MBR read successfully
07:43:13.171 Disk 0 MBR scan
07:43:13.187 Disk 0 Windows XP default MBR code
07:43:13.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122096 MB offset 63
07:43:13.234 Disk 0 scanning sectors +250054560
07:43:13.437 Disk 0 scanning C:\WINDOWS\system32\drivers
07:44:15.109 Service scanning
07:44:16.062 Modules scanning
07:45:08.281 Disk 0 trace - called modules:
07:45:08.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
07:45:08.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad86030]
07:45:08.312 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000093[0x8ad8b8d8]
07:45:08.312 5 ACPI.sys[b7f68620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ada0028]
07:45:08.546 AVAST engine scan C:\WINDOWS
07:45:51.984 AVAST engine scan C:\WINDOWS\system32
07:52:21.125 AVAST engine scan C:\WINDOWS\system32\drivers
07:53:23.171 AVAST engine scan C:\Documents and Settings\cdavis
07:53:31.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\cdavis\Desktop\virus\MBR.dat"
07:53:31.609 The log file has been saved successfully to "C:\Documents and Settings\cdavis\Desktop\virus\aswMBR.txt"

Edited by cher d, 21 January 2012 - 08:14 AM.


#4 cher d

Posted 21 January 2012 - 08:07 AM

GMER log is too long for one post. Had to post in two replies.


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-21 07:29:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.AXM0
Running: yr4kpkbv.exe; Driver: C:\DOCUME~1\cdavis\LOCALS~1\Temp\kxdyyuow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xB7BF27B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB7BF2676]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB7BF2610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB7BF2624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7BF268A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7BF26B6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB7BF2724]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB7BF270E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB7BF273A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7BF27F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB7BF2766]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB7BF2662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7BF25D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7BF25E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB7BF27CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB7BF27A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB7BF26F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB7BF26E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB7BF26A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB7BF278E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB7BF277A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB7BF264E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB7BF263A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB7BF26CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7BF2827]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB7BF2750]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7BF280E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7BF27E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B7BF27E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 805790A8 5 Bytes JMP B7BF27BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B7BF27FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B7BF2812 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B841E 7 Bytes JMP B7BF27D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B7BF25D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B7BF25EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE8A 5 Bytes JMP B7BF263E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B7BF2628 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1230 5 Bytes JMP B7BF2614 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D173A 5 Bytes JMP B7BF2652 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B7BF282B mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80622314 7 Bytes JMP B7BF26E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B7BF26D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 8062298C 7 Bytes JMP B7BF2754 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062323E 7 Bytes JMP B7BF26FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B7BF26A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B7BF267A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B7BF268E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B7BF26BA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8062493C 7 Bytes JMP B7BF2728 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80624BA6 7 Bytes JMP B7BF2712 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B7BF2666 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80625810 7 Bytes JMP B7BF27A6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625AD0 5 Bytes JMP B7BF277E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 80625F20 7 Bytes JMP B7BF273E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 806261C4 5 Bytes JMP B7BF2792 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806262DE 5 Bytes JMP B7BF276A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? 97614382.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB596E380, 0x3E5675, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00880000
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0088007A
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00880069
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00880F91
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0088004E
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00880FC0
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00880F46
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00880F63
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008800C7
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00880F24
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008800E2
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0088003D
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00880011
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00880F74
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0088002C
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00880FDB
.text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00880F35
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00870FC3
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0087005E
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00870FDE
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00870FEF
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00870043
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00870FA1
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A7, 88]
.text C:\WINDOWS\system32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00870FB2
.text C:\WINDOWS\system32\svchost.exe[276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0086004E
.text C:\WINDOWS\system32\svchost.exe[276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00860FC3
.text C:\WINDOWS\system32\svchost.exe[276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0086002C
.text C:\WINDOWS\system32\svchost.exe[276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0086003D
.text C:\WINDOWS\system32\svchost.exe[276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00860011
.text C:\WINDOWS\system32\svchost.exe[276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00850000
.text C:\WINDOWS\system32\SearchIndexer.exe[408] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EB0073
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0F7E
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EB0FA5
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EB0062
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EB0F57
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EB009F
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB00D5
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB00C4
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EB00F0
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EB0047
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EB008E
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\svchost.exe[464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EB0F46
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EA0FC3
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EA0F7C
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EA0FD4
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EA0F97
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EA0FE5
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EA0FB2
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0A, 89]
.text C:\WINDOWS\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EA0039
.text C:\WINDOWS\system32\svchost.exe[464] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E90FC7
.text C:\WINDOWS\system32\svchost.exe[464] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E9005C
.text C:\WINDOWS\system32\svchost.exe[464] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E9003A
.text C:\WINDOWS\system32\svchost.exe[464] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[464] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E9004B
.text C:\WINDOWS\system32\svchost.exe[464] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E90029
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E8000A
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0093
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0082
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0071
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00B0
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F68
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F43
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00E6
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00F7
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F83
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00CB
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F7C
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930039
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930FA1
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[668] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FB2
.text C:\WINDOWS\system32\svchost.exe[668] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092005F
.text C:\WINDOWS\system32\svchost.exe[668] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920044
.text C:\WINDOWS\system32\svchost.exe[668] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FDE
.text C:\WINDOWS\system32\svchost.exe[668] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[668] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920033
.text C:\WINDOWS\system32\svchost.exe[668] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\svchost.exe[668] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[668] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[668] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 0090002C
.text C:\WINDOWS\system32\svchost.exe[668] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00900FDB
.text C:\WINDOWS\system32\svchost.exe[668] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0087
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE006C
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0051
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0F94
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F50
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0F61
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0F1A
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0F3F
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0F09
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0036
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0098
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\services.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE00BD
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E9001E
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90F86
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E90FCD
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E90FDE
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90FA1
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E90043
.text C:\WINDOWS\system32\services.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E90FB2
.text C:\WINDOWS\system32\services.exe[1316] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E80F92
.text C:\WINDOWS\system32\services.exe[1316] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E80FAD
.text C:\WINDOWS\system32\services.exe[1316] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E80FD9
.text C:\WINDOWS\system32\services.exe[1316] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\services.exe[1316] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E80FC8
.text C:\WINDOWS\system32\services.exe[1316] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E80011
.text C:\WINDOWS\system32\services.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E70FE5
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0131000A
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01310F86
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01310071
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01310054
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01310F97
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01310FCD
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01310F44
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01310F61
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013100B1
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01310F18
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01310EFD
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01310FB2
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01310FEF
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0131008C
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01310039
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01310FDE
.text C:\WINDOWS\system32\lsass.exe[1328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01310F33
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01300014
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01300F86
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01300FB9
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01300FD4
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01300043
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01300FEF
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01300F97
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [50, 89]
.text C:\WINDOWS\system32\lsass.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01300FA8
.text C:\WINDOWS\system32\lsass.exe[1328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012F0FB5
.text C:\WINDOWS\system32\lsass.exe[1328] msvcrt.dll!system 77C293C7 5 Bytes JMP 012F0040
.text C:\WINDOWS\system32\lsass.exe[1328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012F000A
.text C:\WINDOWS\system32\lsass.exe[1328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012F0FEF
.text C:\WINDOWS\system32\lsass.exe[1328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012F0025
.text C:\WINDOWS\system32\lsass.exe[1328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012F0FD2
.text C:\WINDOWS\system32\lsass.exe[1328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012E0FEF
.text C:\WINDOWS\system32\lsass.exe[1328] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 012D0FE5
.text C:\WINDOWS\system32\lsass.exe[1328] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 012D000A
.text C:\WINDOWS\system32\lsass.exe[1328] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 012D0FD4

Edited by cher d, 21 January 2012 - 08:21 AM.


#5 cher d

cher d
  • Topic Starter

  • Members
  • 44 posts

Posted 21 January 2012 - 08:10 AM

.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FC0
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F79
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F94
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\Explorer.EXE[4860] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\Explorer.EXE[4860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0049
.text C:\WINDOWS\Explorer.EXE[4860] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FB4
.text C:\WINDOWS\Explorer.EXE[4860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\Explorer.EXE[4860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[4860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A002E
.text C:\WINDOWS\Explorer.EXE[4860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[4860] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[4860] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[4860] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[4860] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 002C0036
.text C:\WINDOWS\Explorer.EXE[4860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02BF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F57
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F72
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F83
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F1F
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260067
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260EE2
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260EF3
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260096
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F46
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F04
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F72
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350F83
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360027
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 01170FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 01170FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 0117000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 01170FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ws2_32.dll!socket 71AB4211 5 Bytes JMP 04030FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F50
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F61
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0026002F
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F72
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260085
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F3F
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F07
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600A0
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600BB
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260060
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F22
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0036006E
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360038
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360053
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 009D0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 009D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 009D0025
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 009D0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5692] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A00000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[3336] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00405995] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[3336] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004059CB] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009E18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009E18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB41342$\1238558892 0 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\bckfg.tmp 846 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\cfg.ini 199 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\keywords 179 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\L 0 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\L\aavmayqi 52480 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U 0 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB41342$\1238558892\U\80000032.@ 77312 bytes
File C:\WINDOWS\$NtUninstallKB41342$\2715435319 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by cher d, 21 January 2012 - 08:19 AM.


#6 narenxp


Posted 21 January 2012 - 09:31 AM

You should be free from redirects now, but you still have infections which need the use of advanced tools.

Read this

http://www.bleepingcomputer.com/forums/topic34773.html

Create a new topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#7 cher d


Posted 21 January 2012 - 10:04 AM

Will do. Thanks again.

#8 narenxp


Posted 21 January 2012 - 10:29 AM

You're welcome :)



