GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2010-08-20 04:04:04 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF7302E02] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7302E99] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7302DD8] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7302DEC] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7302EAD] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7302ED9] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7302F47] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF7302F31] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF7302F5D] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7302E42] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7302E85] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7302D74] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7302D88] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF7302E16] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF7302FB1] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF7302F1B] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF7302F05] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7302EC3] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF7302F9D] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF7302F89] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF7302DC4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF7302DB0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7302EEF] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7302E71] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7302F73] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7302E58] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7302E2C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.14 ---- .text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP F7302E30 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP F7302E89 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP F7302F09 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP F7302E06 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP F7302DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP F7302E9D mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP F7302FB5 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP F7302F4B mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP F7302D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP F7302E1A mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP F7302EF3 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP F7302E5C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP F7302E46 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP F7302DF0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP F7302E75 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP F7302F35 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP F7302D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP F7302EDD mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP F7302EB1 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwLoadKey2 805AECB8 7 Bytes JMP F7302F61 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP F7302DDC mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP F7302DC8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP F7302F77 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP F7302F1F mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP F7302EC7 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP F7302F8D mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP F7302FA1 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F30FEF .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30040 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30F4B .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F30F68 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30F79 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30F9E .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F30F15 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F30051 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F3009D .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F30F04 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F30EE9 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F3001B .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F3000A .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F30F26 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F30FB9 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F30FD4 .text C:\WINDOWS\System32\svchost.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F30082 .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20FB9 .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20F68 .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F2000A .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20FD4 .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F20F79 .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F20FEF .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F20025 .text C:\WINDOWS\System32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F20F94 .text C:\WINDOWS\System32\svchost.exe[176] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\svchost.exe[176] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[316] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[316] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\system32\winlogon.exe[488] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\system32\winlogon.exe[488] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F8D .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070082 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070FA8 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070065 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070039 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F72 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700AE .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700F0 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700DF .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070101 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0007004A .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FEF .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0007009D .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FC3 .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FDE .text C:\WINDOWS\system32\services.exe[532] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F61 .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FC0 .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060051 .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060000 .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060040 .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060F94 .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ 26, 88 ] .text C:\WINDOWS\system32\services.exe[532] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FAF .text C:\WINDOWS\system32\services.exe[532] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\system32\services.exe[532] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0FE5 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0058 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0F63 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF003D .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0F80 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FB6 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F2D .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F3E .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF00BC .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00AB .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0F12 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0F9B .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF0000 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0069 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0022 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0011 .text C:\WINDOWS\system32\lsass.exe[544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0090 .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0011 .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0F6F .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0000 .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0FD4 .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0F8A .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0FEF .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CE0022 .text C:\WINDOWS\system32\lsass.exe[544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0F9B .text C:\WINDOWS\system32\lsass.exe[544] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\system32\lsass.exe[544] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F50FEF .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F50F8A .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F50075 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50058 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50FA5 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50036 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F500C1 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F5009A .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F500ED .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F500DC .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F50108 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F50047 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F50000 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F50F6F .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F50FCA .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F50011 .text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F50F5E .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F40FCA .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F40F79 .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40FDB .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40011 .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F40F94 .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F40000 .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F40FAF .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ 14, 89 ] .text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F40036 .text C:\WINDOWS\system32\svchost.exe[720] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\system32\svchost.exe[720] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F4B .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F66 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F77 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F9E .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FC0 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20080 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F3A .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20EF1 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F02 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20EE0 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20FAF .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C2000A .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20065 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20036 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20025 .text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F1D .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10040 .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10FB2 .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10025 .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C1000A .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10FC3 .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FE5 .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10FD4 .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ E1, 88 ] .text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10051 .text C:\WINDOWS\system32\svchost.exe[788] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\system32\svchost.exe[788] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[828] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[828] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[884] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[884] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\McAfee\MPF\MPFSrv.exe[904] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\McAfee\MPF\MPFSrv.exe[904] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03350FE5 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03350F6F .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03350064 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03350053 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03350F8A .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03350FAF .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03350F2F .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03350F4A .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03350EE8 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03350F03 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03350EC3 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03350036 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03350FCA .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03350075 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03350011 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03350000 .text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03350F14 .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03340025 .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03340F8A .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03340FD4 .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03340000 .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03340051 .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03340FEF .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03340FAF .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ 54, 8B ] .text C:\WINDOWS\System32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03340036 .text C:\WINDOWS\System32\svchost.exe[924] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\svchost.exe[924] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 029F0FEF .text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 029F000A .text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 029F0FDE .text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 029F002F .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[932] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[932] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C0FEF .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0F3A .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C0F5F .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0F70 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C0F8D .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0FB9 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C004A .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C0F02 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0065 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C0ECC .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C0080 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C0FA8 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C0000 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C0F29 .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0FCA .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C001B .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C0EDD .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B0FD4 .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B0F8A .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B001B .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B000A .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B0051 .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0FEF .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008B0FAF .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ AB, 88 ] .text C:\WINDOWS\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B0036 .text C:\WINDOWS\System32\svchost.exe[968] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\svchost.exe[968] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[996] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[996] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\BroadJump\Client Foundation\CFD.exe[1048] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\BroadJump\Client Foundation\CFD.exe[1048] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E70000 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70069 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E70058 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E70047 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E70036 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E70F9E .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E700BC .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E7009F .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E700F2 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E700D7 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E7010D .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E70025 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E70FE5 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E70084 .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E70FAF .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E70FCA .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E70F59 .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E60FCA .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E60F9E .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E60FDB .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E60011 .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E60FB9 .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E60000 .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E60051 .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E60036 .text C:\WINDOWS\system32\svchost.exe[1064] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\system32\svchost.exe[1064] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02D00FEF .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02D00067 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02D00F72 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02D00040 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02D00F83 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02D00F9E .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02D0009F .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02D00F57 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02D00F32 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02D000CB .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02D00F17 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02D0002F .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02D00FD4 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02D00078 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02D00FB9 .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02D0000A .text C:\WINDOWS\Explorer.EXE[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02D000BA .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01500FEF .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01500FB2 .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01500040 .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01500025 .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01500FC3 .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01500000 .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01500FD4 .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ 70, 89 ] .text C:\WINDOWS\Explorer.EXE[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01500065 .text C:\WINDOWS\Explorer.EXE[1236] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 014D0000 .text C:\WINDOWS\Explorer.EXE[1236] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 014D0011 .text C:\WINDOWS\Explorer.EXE[1236] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 014D0FDB .text C:\WINDOWS\Explorer.EXE[1236] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 014D0FB6 .text C:\WINDOWS\Explorer.EXE[1236] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\Explorer.EXE[1236] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe[1420] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe[1420] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\msdtc.exe[1452] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\msdtc.exe[1452] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1660] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1660] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\McAfee.com\Agent\mcagent.exe[1692] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\McAfee.com\Agent\mcagent.exe[1692] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F77 .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE006C .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE005B .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE004A .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0025 .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE008E .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE007D .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0EFF .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F1A .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00B3 .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FA8 .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE000A .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F5C .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FB9 .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FD4 .text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F2B .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FB9 .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0F6B .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FD4 .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FE5 .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F7C .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0000 .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BD0F97 .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ DD, 88 ] .text C:\WINDOWS\System32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FA8 .text C:\WINDOWS\System32\svchost.exe[1844] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BA0FEF .text C:\WINDOWS\System32\svchost.exe[1844] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BA0FD4 .text C:\WINDOWS\System32\svchost.exe[1844] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BA000A .text C:\WINDOWS\System32\svchost.exe[1844] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BA0FB9 .text C:\WINDOWS\System32\svchost.exe[1844] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\svchost.exe[1844] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC000A .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC006E .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F79 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F8A .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0047 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0036 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC009C .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC008B .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00C1 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F28 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0F0D .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FA5 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0025 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F5E .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FD4 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FE5 .text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F43 .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0036 .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0FAF .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0025 .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB000A .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB006C .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0FEF .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FCA .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ DB, 88 ] .text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0051 .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1888] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1888] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F8000A .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F8007D .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F8006C .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F8005B .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80F9E .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FB9 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F6D .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F800B5 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F41 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F52 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800EB .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F8004A .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80FE5 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F8008E .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80FD4 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80025 .text C:\WINDOWS\System32\dllhost.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F800D0 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F70FA8 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F70039 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F70FC3 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F70FD4 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F70F7C .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70FE5 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F70F97 .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ 17, 89 ] .text C:\WINDOWS\System32\dllhost.exe[1916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F7001E .text C:\WINDOWS\System32\dllhost.exe[1916] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\dllhost.exe[1916] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF000A .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F7E .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0073 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0062 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0FAF .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0036 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF009F .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF008E .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF00F0 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00CB .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F3C .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0051 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0FEF .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0F63 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FCA .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0025 .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF00BA .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FC3 .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0F8D .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0014 .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0FD4 .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE004A .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FEF .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE002F .text C:\WINDOWS\System32\svchost.exe[1988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0FA8 .text C:\WINDOWS\System32\alg.exe[2984] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\WINDOWS\System32\alg.exe[2984] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1] .text C:\Program Files\Mozilla Firefox\firefox.exe[3768] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3768] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040] .data C:\Program Files\Mozilla Firefox\firefox.exe[3768] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1] ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- EOF - GMER 1.0.14 ----