Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

google redirecting to wrong site

Post by inneedofhelp » April 5th, 2009, 9:00 pm

Here is my HJT log, appreciate any help I can get. Tried multiple anti-virus and anti-malware programs with no success.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:57 PM, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Marshall Thomson\\My Documents\\My Pictures\\album art");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.13");
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, GB2312, ISO-8859-2, windows-1252, UTF-8");
user_pref("ldap_2.prefs_migrated", true);
user_pref("ldap_2.servers.history.filena
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GoBoingo] C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17599 bytes
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Post by Shaba » April 12th, 2009, 3:52 am

Hi inneedofhelp

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: google redirecting to wrong site

Post by inneedofhelp » April 12th, 2009, 1:26 pm

32 Bit HP CIO Components Installer
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0
AIM 6
AIM Toolbar 5.0
Alltel Wi-Fi Connection Software
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AutoCAD 2005 - English
Autodesk DWF Viewer
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
BlackBerry Device Software Updater
BlackBerry Media Sync
BlackBerry USB Drivers
BlackBerry® Media Sync
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant HD Audio
CopySafe Plugin
Costco Photo Organizer
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Hewlett-Packard Laptops (remove only)
Customer Experience Enhancement
DataPilot
DataPilot USB Driver Pack
DivX Content Uploader
DivX Web Player
Easy Internet Sign-up
ESPNMotion
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
Form Fill (Windows Live Toolbar)
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 10.0
hp photosmart 7900 series
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HP User Guides 0011
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
ieSpell 2.2.0 (build 647)
ImgBurn
ImTOO DVD to iPod Converter 5
ImTOO iPod Computer Transfer
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Intel(R) PRO Network Connections Drivers
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
Macromedia Shockwave Player
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
MySpaceIM
Netscape Browser (remove only)
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
OCR Software by I.R.I.S. 10.0
Office 2003 Trial Assistant
OneCare Advisor (Windows Live Toolbar)
Otto
Outlook Express Repair - ScanDBX
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Popup Blocker (Windows Live Toolbar)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickLink Mobile
QuickTime
RealPlayer
Rhapsody
Roxio Media Manager
Safari
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shop for HP Supplies
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Smart Menus (Windows Live Toolbar)
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Spybot - Search & Destroy
Spyware Terminator
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Weather Channel Desktop 6
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Converter Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.0
Wireless Home Network Setup
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Post by Shaba » April 12th, 2009, 2:04 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent DNA

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: google redirecting to wrong site

Post by inneedofhelp » April 12th, 2009, 2:28 pm

32 Bit HP CIO Components Installer
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0
AIM 6
AIM Toolbar 5.0
Alltel Wi-Fi Connection Software
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AutoCAD 2005 - English
Autodesk DWF Viewer
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
BlackBerry Device Software Updater
BlackBerry Media Sync
BlackBerry USB Drivers
BlackBerry® Media Sync
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant HD Audio
CopySafe Plugin
Costco Photo Organizer
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Hewlett-Packard Laptops (remove only)
Customer Experience Enhancement
DataPilot
DataPilot USB Driver Pack
DivX Content Uploader
DivX Web Player
Easy Internet Sign-up
ESPNMotion
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
Form Fill (Windows Live Toolbar)
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 10.0
hp photosmart 7900 series
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HP User Guides 0011
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
ieSpell 2.2.0 (build 647)
ImgBurn
ImTOO DVD to iPod Converter 5
ImTOO iPod Computer Transfer
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Intel(R) PRO Network Connections Drivers
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
Macromedia Shockwave Player
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
MySpaceIM
Netscape Browser (remove only)
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
OCR Software by I.R.I.S. 10.0
Office 2003 Trial Assistant
OneCare Advisor (Windows Live Toolbar)
Otto
Outlook Express Repair - ScanDBX
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Popup Blocker (Windows Live Toolbar)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickLink Mobile
QuickTime
RealPlayer
Rhapsody
Roxio Media Manager
Safari
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shop for HP Supplies
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Smart Menus (Windows Live Toolbar)
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Spybot - Search & Destroy
Spyware Terminator
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Weather Channel Desktop 6
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Converter Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.0
Wireless Home Network Setup
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Unread postby Shaba » April 12th, 2009, 2:41 pm

Uninstall also this:

Coupon Printer for Windows

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: google redirecting to wrong site

Unread postby inneedofhelp » April 12th, 2009, 3:44 pm

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-04-12 12:36:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcessEx
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwEnumerateKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwEnumerateValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwNotifyChangeKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwQueryKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwQueryMultipleValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwReplaceKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRestoreKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetContextThread
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetInformationProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnloadKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys NtSetInformationProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A8965478 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A896544E \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A896548E \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A89654A4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A8965462 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A89653D4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A89653E8 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A8965426 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A8965410 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 1 Byte [ E9 ]
PAGE ntkrnlpa.exe!ZwCreateProcess + 2 805D11FA 3 Bytes [ 41, 39, 28 ]
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A896543A \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A89654BD \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP A8965551 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP A896553B \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP A89655A9 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP A8965567 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP A896550F \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP A89654E5 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP A89654F9 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP A8965525 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP A8965593 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP A896557D \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP A89654D1 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP A89655FB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP A89655D3 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP A89655E7 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP A89655BF \SystemRoot\system32\drivers\mfehidk.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01410000
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [ E9 ]
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!VirtualProtectEx + 2 7C801A63 3 Bytes [ F4, C0, 84 ]
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01410F8A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01410F9B
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01410058
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0141002C
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01410081
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01410F39
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014100B7
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01410F1E
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01410F03
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0141003D
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01410FE5
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01410F54
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01410FCA
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0141001B
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01410092
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01400039
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01400F97
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01400FDE
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0140000A
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01400FB2
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01400FEF
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01400FC3
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 60, 89 ]
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0140004A
.text C:\WINDOWS\system32\services.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013E0000
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01060FEF
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01060F35
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01060F46
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01060F57
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01060F68
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01060F8D
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01060073
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01060062
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01060098
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01060F09
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010600A9
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0106000A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01060FD4
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01060045
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01060F9E
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01060FC3
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01060F1A
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01050025
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01050F79
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01050FD4
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01050F94
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01050FE5
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01050FAF
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 25, 89 ]
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01050036
.text C:\WINDOWS\system32\lsass.exe[1000] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D50067
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D50F68
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D50F83
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D50F9E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D50FC0
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D50F4D
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D50095
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D500CB
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D50F32
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D50F17
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D50FAF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D50078
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D5002C
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D5001B
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D500A6
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D40022
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D40058
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D40011
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D40F9B
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D4003D
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D40FAC
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F20F97
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F2008C
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F20065
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F20FB2
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F2004A
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F20F44
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F20F6B
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F200D3
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F200B8
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F200E4
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F20FC3
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F20FDE
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F20F7C
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F2002F
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F20014
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F200A7
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F10040
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F1007D
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F10025
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F1006C
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F10FD4
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 11, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F1005B
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02800FEF
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0280007D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02800062
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02800051
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02800F94
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02800FB9
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028000B5
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02800F6D
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028000D0
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02800F37
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 028000EB
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02800040
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02800FD4
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02800098
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0280001B
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0280000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02800F48
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 018B002C
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 018B0F94
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 018B001B
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Unread postby inneedofhelp » April 12th, 2009, 3:44 pm

.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 018B0FDB
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 018B0FA5
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 018B0000
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 018B0FC0
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ AB, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 018B0047
.text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01880000
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02790000
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02790011
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02790FE5
.text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 0279002C
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0089
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0078
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0067
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F5E
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A6
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00C8
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00B7
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F0A
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F79
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F39
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029002F
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290F97
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290000
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FA8
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0029004A
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FB9
.text C:\WINDOWS\system32\svchost.exe[1500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00960FE5
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00EA001B
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00EA0036
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00EA0FDB
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660F57
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F72
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0066004C
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660F8D
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660FB2
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F46
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0066008E
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600A9
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00660F10
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00660EF5
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Unread postby inneedofhelp » April 12th, 2009, 3:45 pm


---- Files - GMER 1.0.12 ----


---- EOF - GMER 1.0.12 ----
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Unread postby Shaba » April 12th, 2009, 3:47 pm

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: google redirecting to wrong site

Unread postby inneedofhelp » April 12th, 2009, 4:01 pm

With McAfee Disabled, Combofix crashed my computer within 5 seconds of opening the program.
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Unread postby Shaba » April 13th, 2009, 3:03 am

Does it work OK after reboot?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: google redirecting to wrong site

Unread postby inneedofhelp » April 13th, 2009, 6:00 pm

Shaba wrote: Does it work OK after reboot?


No, it shut down the computer and gives me the blue screen again. The blue screen was not up for very long; all I read is that Windows detected an error.......
inneedofhelp
Active Member
 
Posts: 8
Joined: April 5th, 2009, 8:56 pm

Re: google redirecting to wrong site

Unread postby Shaba » April 14th, 2009, 12:00 am

Then please tap F8 during boot before the Windows logo comes up and choose Last Known Good Configuration from the upcoming menu.

Let me know if it helped.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: google redirecting to wrong site

Unread postby Shaba » April 19th, 2009, 4:49 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland