Message on my computer: Windows Security Alert :Infiltration Alert Threat


Post by EElias1211 on Tue Jul 14, 2009 2:25 pm

Spyware Alert message has appeared on my computer screen. It says that my computer is being attacked by an Internet Virus. The threats I saw listed were Win32/Nuqel.E and Bankerfox.A. Different port numbers and attack ports keep appearing. A new message pops up every few minutes saying something like cannot be executed. ssvagent is infected. How do I get rid of the virus and how will I know what damage it has done?
I do have McAfee installed, but did not receive any alerts from it. The messages that appear are Windows Security Alerts.


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Tue Jul 14, 2009 4:52 pm

Hello EElias1211,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\winlogon.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 14, 2009 5:36 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:42 PM, on 7/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vspc1000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe
C:\Windows\VPro1000.exe
C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\tuto..tion_ef3f7ddf758b3b90_0001.0000_4445e948ccfacfe8\TutorABC_Helper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [spc1000] C:\Windows\vspc1000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: TutorABC_helper.appref-ms
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = ?
O4 - Global Startup: VPro1000.lnk = ?
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.'http
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted IP range: [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c99951c2abb760) (gupdate1c99951c2abb760) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11674 bytes


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Tue Jul 14, 2009 5:46 pm


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O15 - Trusted Zone: *.'http
    O15 - Trusted Zone: [You must be registered and logged in to see this link.]
    O15 - Trusted Zone: [You must be registered and logged in to see this link.]
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe


  • Press "Fix Checked"
  • Close Hijack This.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



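Added example, not part of the thread and not HijackThis's own code: a short Python triage of the log format posted above, flagging the same kinds of entries that appear in the fix list (orphaned `(no file)` / `(file missing)` entries, empty `R` values, and anything matching a reviewer-supplied watchlist). The function names, the watchlist term and the 8.3 short-name approximation are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
"""

# Every log entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Markers the log itself prints when a registered component has no file on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def short_name_prefix(term):
    """Approximate the 8.3 short-name prefix of a long folder name.

    Assumption: first six characters with spaces and dots removed, followed
    by '~' (e.g. MyWebSearch -> MYWEBS~1). Enough for substring matching.
    """
    return re.sub(r"[ .]", "", term)[:6].lower() + "~"


def parse_entries(log_text):
    """Return (code, text) pairs; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text, watchlist):
    """Map each flagged entry to the reasons it deserves a manual look."""
    needles = []
    for term in watchlist:
        needles.append(term.replace(" ", "").lower())  # "My Web Search" == "MyWebSearch"
        needles.append(short_name_prefix(term))        # catches C:\PROGRA~1\MYWEBS~1\...
    findings = defaultdict(list)
    for code, text in parse_entries(log_text):
        key = f"{code} - {text}"
        lowered = text.lower()
        squashed = lowered.replace(" ", "")
        if any(marker in lowered for marker in ORPHAN_MARKERS):
            findings[key].append("orphaned")
        if code.startswith("R") and text.rstrip().endswith("="):
            findings[key].append("empty-value")
        if any(needle in squashed for needle in needles):
            findings[key].append("watchlist")
    return dict(findings)


if __name__ == "__main__":
    # The watchlist term is the product name that dominates the fix list above.
    for entry, reasons in triage(SAMPLE_LOG, ["MyWebSearch"]).items():
        print(f"[{', '.join(reasons)}] {entry}")
```

The flags only shortlist entries for a human reviewer; deciding what to tick in HijackThis still needs someone who knows what each component is.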
Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 14, 2009 7:39 pm

After I restarted my computer as directed I ran another scan. I copied and pasted the message below.
Thank you very much Origin.


Malwarebytes' Anti-Malware 1.39
Database version: 2428
Windows 6.0.6001 Service Pack 1

7/14/2009 3:37:31 PM
mbam-log-2009-07-14 (15-37-31).txt

Scan type: Quick Scan
Objects scanned: 87370
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Tue Jul 14, 2009 9:19 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 15, 2009 2:47 am

I have been trying to download combofix since we last spoke and finally seemed to have it until I got the following message when I was expecting to see the prompts.
It appeared in a box labeled Administrator:
'c,bat' is not recognized as an internal or external command, operable program or batch file.


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Belahzur on Wed Jul 15, 2009 2:36 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 15, 2009 8:25 pm

I have copied and pasted text below. Thank you again for all your help.
E

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2007 1:22:30 AM
System Uptime: 7/15/2009 3:37:03 AM (13 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 1000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 292 GiB total, 244.943 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.59 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
3DVIA player 4.1
4200
4200_Help
4200Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
BufferChm
Business Plan Pro 2007
C4100
c4100_Help
Choice Guard
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CutePDF Professional 3.5 (Evaluation)
Destinations
DHTML Editing Component
DIG Game Manager
Disney's 102 Dalmatians Puppies to the Rescue
DivX
DivX Web Player
DocProc
DocProcQFolder
Driver Detective
Enhanced Multimedia Keyboard Solution
eSupportQFolder
EZ Calendar
Fax
Free Natural Text to Speech Reader 2008
Google Chrome
Google Desktop Search
Google Earth
Google Earth Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graboid Video 1.5
Hardware Diagnostic Tools
HijackThis 2.0.2
HomeMeeting JoinNet 5.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Picasso Media Center Add-In
HP Product Detection
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
JumpStart Advanced Language Club
JumpStart Advanced School Time
JumpStart Art for Fun
LBT Preschool Adventure
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
MarketResearch
Match Gems 1.0
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.0.11)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
My HP Games
NVIDIA Drivers
OcxSetup
Philips SPC1000NC Webcam
Philips VLounge
PokerStars.net
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
Scan
Security Update for CAPICOM (KB931906)
Shop for HP Supplies
Skype™ 3.8
Smart Steps Kindergarten
Soft Data Fax Modem with SmartCP
SolutionCenter
Sony Picture Utility
Spyware Doctor 6.0
Status
Toolbox
TrayApp
TutorABC_Helper
UltimateBet
UnloadSupport
VideoLAN VLC media player 0.8.6d
WebReg
WexTech AnswerWorks
Windows Driver Package - Philips (SPC1000) Image (07/06/2007 5.8.8.028)
Windows Driver Package - Philips CE (phaudlwr) MEDIA (06/19/2007 1.0.0.7)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WordBiz version 1.8

==== End Of File ===========================


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Thu Jul 16, 2009 4:13 pm

Hello, I need to see the DDS.txt as well.



Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Thu Jul 16, 2009 11:22 pm

I believe I have attached half of the required text below. The red writing said the posted message is too big so I'll send it in two parts.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Cokey&Elisha at 16:11:22.42 on Wed 07/15/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.151 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\vspc1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe
C:\Windows\VPro1000.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\tuto..tion_ef3f7ddf758b3b90_0001.0000_4445e948ccfacfe8\TutorABC_Helper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cokey&Elisha\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Thu Jul 16, 2009 11:24 pm

mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [spc1000] c:\windows\vspc1000.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\cokey&elisha\appdata\roaming\microsoft\windows\start menu\programs\startup\TutorABC_helper.appref-ms
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~1.lnk - c:\windows\installer\{6b2d979e-216d-43a4-bae2-71a185922ca1}\NewShortcut1.BDD3527A_D6D6_4DD6_AEAD_6B5236DA8F67.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpro1000.lnk - c:\windows\VPro1000.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
Trusted Zone: 1075wjzz.com\www
Trusted Zone: geekpolice.net\www
Trusted Zone: gscs.org\gscs-exchange
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\cokey&~1\appdata\roaming\mozilla\firefox\profiles\ctddtrru.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npjnjplug.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-15 00:00 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 00:00 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 00:00 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 00:00 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 22:40 --d----- C:\Combo-Fix
2009-07-14 22:40 318,976 a------- c:\windows\system32\CF10908.exe
2009-07-14 22:39 318,976 a------- c:\windows\system32\CF10510.exe
2009-07-14 22:37 318,976 a------- c:\windows\system32\cmd.execf
2009-07-14 22:34 318,976 a------- c:\windows\system32\CF9700.exe
2009-07-14 18:29 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-14 18:28 a-d----- c:\programdata\TEMP
2009-07-14 18:28 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-14 18:28 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-14 18:28 --d----- c:\program files\common files\PC Tools
2009-07-14 18:28 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-14 18:27 --d----- c:\users\cokey&~1\appdata\roaming\PC Tools
2009-07-14 18:27 --d----- c:\programdata\PC Tools
2009-07-14 18:27 --d----- c:\program files\Spyware Doctor
2009-07-14 18:27 --d----- c:\progra~2\PC Tools
2009-07-14 14:01 --d----- c:\users\cokey&~1\appdata\roaming\Malwarebytes
2009-07-14 13:33 --d----- c:\program files\Trend Micro
2009-07-14 11:37 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 11:37 --d----- c:\programdata\Malwarebytes
2009-07-14 11:37 --d----- c:\progra~2\Malwarebytes
2009-07-14 11:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-14 11:37 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 19:48 --d----- c:\program files\Mozilla ActiveX Control v1.7.12
2009-07-08 10:24 --d----- c:\program files\common files\xing shared
2009-06-23 16:15 --d----- C:\SmartDraw 2009

==================== Find3M ====================

2009-07-10 22:27 76,968 a------- c:\users\cokey&~1\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-06-24 17:06 1,055,414 a------- c:\users\cokey&elisha\xobglu32.dll
2009-06-24 17:06 63,488 a------- c:\users\cokey&elisha\xobglu16.dll
2009-06-14 11:32 1,590 a------- c:\windows\EReg515.dat
2009-06-08 09:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 09:00 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 09:00 51,200 a------- c:\windows\inf\infpub.dat
2009-05-27 00:18 148,955 a------- c:\windows\hpoins19.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-30 08:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 08:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-23 07:08 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-23 07:08 56 a---h--- c:\progra~2\ezsidmv.dat
2009-04-22 16:08 130,912 a------- c:\windows\hpoins18.dat
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-03 05:22 174 a--sh--- c:\program files\desktop.ini
2009-01-03 05:00 665,600 a------- c:\windows\inf\drvindex.dat
2007-05-10 18:46 108 a------- c:\users\cokey&~1\appdata\roaming\wklnhst.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:19:09.71 ===============


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Fri Jul 17, 2009 6:41 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u




Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\autorun.inf


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Sat Jul 18, 2009 4:44 pm

When I click start there is no run box appearing. I don't know where I should copy/paste the bold type to?


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Sat Jul 18, 2009 9:07 pm

I see you are running Vista. On your keyboard, find the Windows logo key; it should be between the Ctrl and Alt keys. Once you find it, press and hold the Windows logo key and R. Now the Run command should appear. Type the above and then do the following:

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Combo-Fix
    c:\windows\system32\CF10908.exe
    c:\windows\system32\CF10510.exe
    c:\windows\system32\cmd.execf
    c:\windows\system32\CF9700.exe



  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Sun Jul 19, 2009 8:15 pm

I followed the direction and found the run command. I copied and pasted the bold ComboFix /u into the box and got the following message:

Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again.

I tried typing in the command, but got the same message. My computer is running much slower since the initial problem.


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Mon Jul 20, 2009 3:35 pm

Please do the following:

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.



Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Mon Jul 20, 2009 11:31 pm

I was not able to download the RootRepeal.zip because the following message appeared:
The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.

Elisha


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 21, 2009 5:14 am

I tried downloading the RootRepeal again and got through.
The scan was moving through the stealth objects tab when the following message appeared:
RootRepeal Error
Attempt to read from address Oxffffffff

Then another message appeared:
RootRepeal has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

I scanned one tab at a time and saved them separately to the desktop. I have pasted the ones I saved below.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 00:34
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8C8D7000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8C8E1000 Size: 118784 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\Windows\system32\Drivers\mchInjDrv.sys
Address: 0x9F13E000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9F16A000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 21, 2009 5:16 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 00:34
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{12d7d378-70d0-11de-9a6b-001a92526439}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5317395e-72f8-11de-9774-001a92526439}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{66e32bc5-7598-11de-87a1-001a92526439}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{79301706-710f-11de-8b7a-001a92526439}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_588445e3d272feb1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_4180b46a5c473b6d\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_41c5708575991d81\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_4303a14a59b89802\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_43f08fdb728b6c28\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_325856a50f01ab0d\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_329d12c028538d21\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_35b5d7ed0b402f09\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16625_none_bcf1d858c1bcf70c\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16679_none_bcbfc9e4c1e1e81d\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16724_none_bcf0d9f4c1bddadc\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16784_none_bcaffa6cc1ee8282\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16856_none_bcd26caac1d45e84\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\$$DeleteMe.wininet.dll.01ca0742562cb92a.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 21, 2009 5:17 am

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\$$DeleteMe.urlmon.dll.01ca074259a238aa.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16720_none_ce96043fcba4732e\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.20883_none_b7ce1ae3e546b821\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18000_none_ce6fff97cbf74c86\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18111_none_ce70e8f5cbf67fcf\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.22230_none_b7a55991e59bf8e2\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.16720_none_c214589825a8fd4b\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.20883_none_ab4c6f3c3f4b423e\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18000_none_c1ee53f025fbd6a3\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18111_none_c1ef3d4e25fb09ec\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.22230_none_ab23adea3fa082ff\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_c1843fad322b4004\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_c1c8fbc84b7d2218\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_c3072c8d2f9c9c99\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_c3f41b1e486f70bf\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_36a2c67e2413032f\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_3432eb0d0dced274\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_3477a7282720b488\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.16708_none_080e70cf835a2dc3\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.20864_none_08532cea9cac0fd7\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.18096_none_09915daf80cb8a58\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.22208_none_0a7e4c40999e5e7e\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\$$DeleteMe.iertutil.dll.01ca074256c7728a.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20750_none_bd5603eddaf76bf6\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20821_none_bd7775e1dade2ea1\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20889_none_bd3e98a9db07a0ff\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20969_none_bd543a67daf76644\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.21051_none_bd56e025daf6b2dd\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6001.18000_none_bee8b564bed7d168\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NETFramework\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\0000\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.197.gthr
Status: Allocation size mismatch (API: 576, Raw: 0)

Path: C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\manifests\TutorABC_Helper.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\manifests\TutorABC_Helper.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\manifests\TutorABC_Helper.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\manifests\TutorABC_Helper.manifest
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\manifests\TutorABC_Helper.XmlSerializers.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\AppData\Local\Apps\2.0\2A9YE0P8.K97\EZ7YGRMJ.TMR\manifests\TutorABC_Helper.XmlSerializers.manifest
Status: Locked to the Windows API!

Path: C:\Users\Cokey&Elisha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Cokey&Elisha\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\G3H28QJB\adisneyparks.disney.go.com\media\disneyparks\en_US\media\home\flash\content\registration
Status: Locked to the Windows API!

==EOF==

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 21, 2009 5:17 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 00:55
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1228 Status: Locked to the Windows API!

==EOF==
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 00:57
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

SSDT
-------------------
#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x807de282

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x807de474

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x807ddf32

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x807de67c

==EOF==

When the scan was running through Stealth Objects, a message appeared. It said:
RootRepeal Error
Attempt to read 0x00310039
Another two attempts to scan the Stealth Objects gave me the RootRepeal Errors for 0x00000006 and 0x9b50b60.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 01:03

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 01:05
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

==EOF==


Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

==EOF==

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Tue Jul 21, 2009 5:19 am

I tried to scan the stealth objects again at this point, but received error messages for:
0xfffffff9
0xe07589dc
0x00000003

Thank you for all you are doing to help me.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Tue Jul 21, 2009 7:55 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:09 am

GMER 1.0.15.14972
Rootkit scan 2009-07-21 23:04:18
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x831DD282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x831DD474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x831DCF32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x831DD67C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8D9DE9C0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8D9DE9FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8D9DEA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8D9DE930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8D9DE944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8D9DE9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8D9DEA69]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8D9DEA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8D9DE9AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8D9DE998]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8D9DEA14]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8D9DE9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8263318C 5 Bytes JMP 8D9DE9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetTimerEx + 43C 826C4A00 8 Bytes [82, D2, 1D, 83, 74, D4, 1D, ...] {ADC DL, 0x1d; XOR DWORD [ESP+EDX*8+0x1d], -0x7d}
.text ntkrnlpa.exe!KeSetTimerEx + 854 826C4E18 4 Bytes [32, CF, 1D, 83]
.text ntkrnlpa.exe!KeSetTimerEx + 918 826C4EDC 4 Bytes [7C, D6, 1D, 83]
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 827CD17C 5 Bytes JMP 8D9DEA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8280E1CA 5 Bytes JMP 8D9DE948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 8281DB06 5 Bytes JMP 8D9DE934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8283071E 7 Bytes JMP 8D9DEA02 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82830D75 5 Bytes JMP 8D9DEA18 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82832F86 5 Bytes JMP 8D9DE9C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82840644 5 Bytes JMP 8D9DE99C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8284289E 7 Bytes JMP 8D9DE9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82861402 5 Bytes JMP 8D9DEA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8286244E 5 Bytes JMP 8D9DEA6D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 828A0C7B 5 Bytes JMP 8D9DE9B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\VPro1000.exe[320] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:10 am

.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\csrss.exe[576] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[576] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[576] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[628] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[636] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[636] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[636] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 001600A3
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00160088
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00160F28
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00160F39
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00160063
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00160FAF
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00160F8A
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0016002C
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00160F6F
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0016003D
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00160011
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00160F5E
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00160F17
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00160000
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00160FE5
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00160FC0
.text C:\Windows\system32\services.exe[672] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 001600B4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00130F9E
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00130FD4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00130FEF
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00130FC3
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 0013005B
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00130025
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00130014
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00130036
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00150042
.text C:\Windows\system32\services.exe[672] msvcrt.dll!system 76A88B63 5 Bytes JMP 00150FB7
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0015001D
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00150FEF
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00150FD2
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 0015000C
.text C:\Windows\system32\services.exe[672] WS2_32.dll!socket 778136D1 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00200F42
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00200087
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 002000B3
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 002000A2


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:10 am

.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00200F78
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00200FCA
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00200F93
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0020005B
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00200F5D
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00200FB9
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00200040
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 0020006C
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00200F02
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00200000
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00200025
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00200F1D
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 001E0F97
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 001E002F
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 001E004A
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 001E0FB9
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 001F0F9A
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!system 76A88B63 5 Bytes JMP 001F0025
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 001F0FBC
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 001F0FE3
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 001F0FAB
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 001F0000
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsass.exe[700] WS2_32.dll!socket 778136D1 5 Bytes JMP 004B0FEF
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00950F35
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00950084
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 009500BA
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00950F1A
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00950F89
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00950FAF
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00950062
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0095002C
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00950F6E
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00950047
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00950073
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00950F09
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00950FD4


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:11 am

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00950095
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00370F9E
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!system 76A88B63 5 Bytes JMP 00370FC3
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00370022
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00370033
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00370FDE
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00360065
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00360FC3
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00360054
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00360FA8
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00360014
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00360FDE
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 0036002F
.text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[900] WS2_32.dll!socket 778136D1 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 006900E0
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 006900CF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00690102
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 006900F1
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00690092
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00690076
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00690FB9
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 006900AD
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0069005B
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00690FCA
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 006900BE
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00690113
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00690040
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00690F76
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00600031
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!system 76A88B63 5 Bytes JMP 00600016
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00600FC1
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00600FA6
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00600FDE
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00170040
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00170025
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00170FC3
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[960] WS2_32.dll!socket 778136D1 5 Bytes JMP 006A0FE5
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:12 am

.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00660F5E
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00660F6F
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00660F32
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00660F43
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00660FAC
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 0066003D
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00660085
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0066004E
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00660F9B
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0066005F
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00660FC7
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00660F80
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00660F21
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 0066001B
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0066000A
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0066002C
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 006600BE
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 0065003D
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!system 76A88B63 5 Bytes JMP 0065002C
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00650FCD
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00650FEF
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00650FBC
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00650FDE
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 0063006F
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00630FDE
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 0063000A
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00630FCD
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00630080
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 0063002F
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00630FEF
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 0063004A
.text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[996] WS2_32.dll!socket 778136D1 5 Bytes JMP 00730FEF
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenA 7656D6C0 5 Bytes JMP 01270000
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenW 7656DB39 5 Bytes JMP 0127001B
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenUrlA 7656F3D4 5 Bytes JMP 01270FE5
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenUrlW 765B6DD7 5 Bytes JMP 0127002C
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 005E0087
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 005E0F42
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 005E00AC
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 005E0F16
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 005E0F6E
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 005E0FAF
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 005E0047
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 005E002C
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 005E0062
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 005E0F8A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 005E001B
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 005E0F5D
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 005E0EFB
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 005E0FD4


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:12 am

.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 005E0FE5
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 005E000A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 005E0F27
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 005D003F
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!system 76A88B63 5 Bytes JMP 005D0FBE
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 005D0FE3
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 005D000C
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 005D002E
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 005D001D
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 005C005B
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 005C0FB9
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 005C0FEF
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 005C004A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 005C0076
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 005C000A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 005C0FD4
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 005C0025
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1084] WS2_32.dll!socket 778136D1 5 Bytes JMP 005F000A
.text C:\Windows\ehome\ehmsas.exe[1116] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00970F35
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 0097007A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00970EFF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00970095
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00970F46
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00970FB2
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00970F61
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00970F7C
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 0097003A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0097001E
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00970FA1
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 0097005F
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00970EE4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00970FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00970FEF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00970FC3
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00970F1A
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 008E0033
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76A88B63 5 Bytes JMP 008E0FA8
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 008E0022
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 008E0FEF
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 008E0FC3
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 008E0FDE
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 008C0084


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:12 am

.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 008C0058
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 008C0000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 008C0069
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 008C0FBD
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 008C002C
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 008C0011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 008C003D
.text C:\Windows\System32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 778136D1 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 01110065
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 01110F20
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 011100AC
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 01110091
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 01110F71
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 01110FD4
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 01110F82
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 01110FA8
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 01110F56
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0111004A
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 01110FC3
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 01110F3B
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 01110EFB
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 01110FEF
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0111000A
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0111001B
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 01110076
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 01100038
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!system 76A88B63 5 Bytes JMP 01100FAD
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0110000C
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 01100FEF
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 0110001D
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 01100FDE
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 010E0051
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 010E001B
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 010E0FEF
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 010E0040
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 010E0F94
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 010E000A
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 010E0FD4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 010E0FAF
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1176] WS2_32.dll!socket 778136D1 5 Bytes JMP 01120000
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1216] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1216] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1216] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:13 am

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 008000BD
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 008000AC
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 008000F3
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 008000D8
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00800F9D
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00800051
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00800FAE
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00800FDB
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00800F8C
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00800FCA
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0080006C
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00800091
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 0080010E
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00800025
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0080000A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00800040
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00800F5D
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 007F0FA3
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!system 76A88B63 5 Bytes JMP 007F002E
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 007F001D
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 007F0FEF
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 007F0FBE
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00170F86
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00170FA8
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00170F97
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00170043
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00170FC3
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1256] WS2_32.dll!socket 778136D1 5 Bytes JMP 00810000
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00980F1E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00980F39
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00980EE8
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00980F03
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00980048
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00980037
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00980F8A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00980F54
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00980F6F
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0098001B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00980063
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00980099
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00980FEF


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:14 am

.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 0098007E
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00970058
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 76A88B63 5 Bytes JMP 00970FCD
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00970FDE
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 0097000C
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 0097003D
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00150062
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00150FC0
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00150FE5
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00150047
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00150FA5
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 0015001B
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00150000
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 0015002C
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 778136D1 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenA 7656D6C0 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenW 7656DB39 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenUrlA 7656F3D4 5 Bytes JMP 00960FB9
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenUrlW 765B6DD7 5 Bytes JMP 00960FA8
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1472] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1472] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1472] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00FA00A9
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00FA0098
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00FA00F0
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00FA00DF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00FA0F6E
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00FA0051
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00FA006C
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00FA0040


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:14 am

.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00FA0F94
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00FA007D
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00FA0F49
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00FA0FE5
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00FA00C4
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 76A88A47 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00F9004B
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!system 76A88B63 5 Bytes JMP 00F90FC0
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00F90FE5
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00F9003A
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00F90029
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 009F0F6B
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 009F0F8D
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 009F0F7C
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 009F0F50
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 009F0FC3
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 009F0FD4
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 009F0FA8
.text C:\Windows\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1504] WS2_32.dll!socket 778136D1 5 Bytes JMP 00FB0FEF
.text C:\Windows\RtHDVCpl.exe[1616] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00C90F57
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00C900A6
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00C90F35
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00C900C1
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00C9006D
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00C90FDB
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00C90F94
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00C90047
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00C90F83
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00C90FA5
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00C90FC0
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00C90F72
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00C90F24
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00C9001B
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00C9000A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00C9002C
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00C90F46
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00BF0062
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!system 76A88B63 5 Bytes JMP 00BF0047


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:15 am

.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00BF0FD7
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00BF0000
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00BF002C
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00BF0011
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 0024007D
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00240051
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00240062
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00240098
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00240FE5
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 0024001B
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00240036
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1628] WS2_32.dll!socket 778136D1 5 Bytes JMP 00CB0000
.text C:\Windows\system32\taskeng.exe[1668] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\spoolsv.exe[1708] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 02360F31
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 02360F42
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 023600BD
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 023600A2
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 02360F6E
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 02360036
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 02360051
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 02360FAF
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 02360062
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 02360F94
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 02360FC0
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 02360F5D
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 023600CE
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 0236000A
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 02360FEF
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0236001B
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 02360091
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 02350042


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:16 am

.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!system 76A88B63 5 Bytes JMP 02350031
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 02350FD2
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 02350FE3
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 02350FC1
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 02350000
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 02100FA8
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 0210004A
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 02100000
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 02100FC3
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 02100F97
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 02100025
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 02100FE5
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 02100FD4
.text C:\Windows\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1732] WS2_32.dll!socket 778136D1 5 Bytes JMP 023B0000
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\taskeng.exe[1940] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1940] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1940] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2100] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2100] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2100] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[2108] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[2108] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[2108] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 002500C4
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 002500B3
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00250F53
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00250F64
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 0025007D
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00250040
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0025006C


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:16 am

.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00250FCA
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00250F89
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00250FB9
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00250051
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00250098
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00250104
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00250FEF
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00250000
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0025002F
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 002500DF
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00210FA5
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00210FC0
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00210000
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00210047
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00210F8A
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00210011
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00210FE5
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00210022
.text C:\Windows\Explorer.EXE[2160] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[2160] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00240F7F
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!system 76A88B63 5 Bytes JMP 00240F9A
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00240FB5
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00240FEF
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00240000
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00240FC6
.text C:\Windows\Explorer.EXE[2160] WS2_32.dll!socket 778136D1 5 Bytes JMP 036B0FEF
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenA 7656D6C0 5 Bytes JMP 03680FEF
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenW 7656DB39 5 Bytes JMP 03680FDE
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenUrlA 7656F3D4 5 Bytes JMP 03680014
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenUrlW 765B6DD7 5 Bytes JMP 03680FB9
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2276] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2276] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2276] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 0082009C
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00820081
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 008200AD
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00820F17
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00820F7C
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00820FBC
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0082005F
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00820FA1
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00820070
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00820039


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:17 am

.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00820028
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00820F57
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00820EFC
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00820FDE
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00820FEF
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00820FCD
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00820F3C
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00810042
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!system 76A88B63 5 Bytes JMP 00810FC1
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0081000C
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00810FEF
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00810031
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00810FDE
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00800FD4
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 0080006C
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 0080000A
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00800FE5
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00800FC3
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00800036
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 0080001B
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00800051
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2312] WS2_32.dll!socket 778136D1 5 Bytes JMP 00830000
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2332] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2332] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2332] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\vspc1000.exe[2432] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00850F20
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00850065
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00850091
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00850076
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00850F4C
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00850FA5
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00850F68
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00850F79
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00850F3B
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00850025
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00850F94
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 0085004A
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 008500AC
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00850000
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00850FEF
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00850FCA
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00850EFB


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:17 am

.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00800FA3
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!system 76A88B63 5 Bytes JMP 00800FBE
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0080002E
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00800000
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00800FCF
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00800011
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 007F0087
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 007F0051
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 007F0FEF
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 007F006C
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 007F0FC0
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 007F001B
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 007F000A
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 007F0040
.text C:\Windows\System32\svchost.exe[2492] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2492] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2492] WS2_32.dll!socket 778136D1 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 008B0F2F
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 008B0074
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 008B00B1
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 008B0096
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 008B0063
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 008B0FC0
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 008B0F8A
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 008B0F6F
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 008B0047
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 008B0FA5
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 008B0F54
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 008B0F00
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 008B0FE5
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 008B0085
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00860053
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!system 76A88B63 5 Bytes JMP 00860038
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00860FC8
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00860027
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00860000
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00850FAF
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 0085000A
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 0085005B
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 0085006C
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 0085001B
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00850FDB
.text C:\Windows\system32\svchost.exe[2512] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2512] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2512] WS2_32.dll!socket 778136D1 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\SearchProtocolHost.exe[2536] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:18 am

.text C:\Windows\system32\SearchProtocolHost.exe[2536] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[2536] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] kernel32.dll!CreateThread + 1A 76B246E2 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] kernel32.dll!CreateThread + 1A 76B246E2 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00FE00A5
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00FE0094
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00FE00D1
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00FE0F3B
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00FE005E
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00FE0FC3
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00FE0F90
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00FE0FB2
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00FE006F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00FE0FA1
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00FE002F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00FE0F60
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00FE0F20
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00FE0FD4
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00FE00B6
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00FD0F92
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!system 76A88B63 5 Bytes JMP 00FD0FA3
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00FD0FC8
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00FD001D
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00FD0FE3
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00FC0080
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00FC0000
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00FC005B
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00FC0091
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00FC0FEF
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00FC0025
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00FC004A
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2740] WS2_32.dll!socket 778136D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\rundll32.exe[2788] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:18 am

.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 001700C4
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00170F7F
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 001700DF
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00170F49
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 0017007D
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0017004A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00170098
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0017005B
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00170FB9
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 001700A9
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 001700F0
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00170025
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00170F5A
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00160FA8
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!system 76A88B63 5 Bytes JMP 00160FC3
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00160FDE
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00160033
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00160018
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00150FCD
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00150054
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 0015006F
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00150080
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00150025
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00150FDE
.text C:\Windows\System32\svchost.exe[2816] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2816] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2816] WS2_32.dll!socket 778136D1 5 Bytes JMP 00200FEF
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[2940] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[2940] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[2940] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:19 am

.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:20 am

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:20 am

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Wed Jul 22, 2009 3:23 am

The file was too big, so I sent the scan results in 20 separate messages, as copied from the Word document I saved it on.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Thu Jul 23, 2009 7:16 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Fri Jul 24, 2009 6:41 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 24, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 24, 2009 14:15:28
Records in database: 2525759
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 187657
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:26:30

No malware has been detected. The scan area is clean.

The selected area was scanned.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by Origin on Fri Jul 24, 2009 6:44 pm

Please download [You must be registered and logged in to see this link.]

  • Next, run the file. *Note: If running Vista, right-click and select Run as administrator.
  • Once opened, navigate to the log tab, select all the areas including the hidden objects only box, and click on the create log button.
  • A scan will start, and then a window will pop up with two options; select scan all drives.
  • Once finished, it will give you a location where it was saved. Navigate to that place (usually the desktop), open the log, and post all the contents of the log back here.


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on Mon Jul 27, 2009 12:06 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8E04F000
Module End: 8E059000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8E059000
Module End: 8E076000
Hidden: Yes

Module Name: \??\C:\Windows\system32\Drivers\mchInjDrv.sys
Service Name: ---
Module Base: 9EF3E000
Module End: 9EF3F000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateProcess
Address: 807DA282
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateProcessEx
Address: 807DA474
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwTerminateProcess
Address: 807D9F32
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateUserProcess
Address: 807DA67C
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 8286E18C
Jump To: 8C9DB9EE
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 82A6BD75
Jump To: 8C9DBA18
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetInformationProcess
At Address: 82A7B644
Jump To: 8C9DB99C
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetContextThread
At Address: 82ADBC7B
Jump To: 8C9DB9B0
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwRestoreKey
At Address: 82A9C402
Jump To: 8C9DBA59
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwReplaceKey
At Address: 82A9D44E
Jump To: 8C9DBA6D
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory
At Address: 82A7D89E
Jump To: 8C9DB9D8
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenThread
At Address: 82A491CA
Jump To: 8C9DB948
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenProcess
At Address: 82A58B06
Jump To: 8C9DB934
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwNotifyChangeKey
At Address: 82A0817C
Jump To: 8C9DBA45
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 82A6B71E
Jump To: 8C9DBA02
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile
At Address: 82A6DF86
Jump To: 8C9DB9C4
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: PsSetContextThread
At Address: 82ADBC7B
Jump To: 8C9DB9B0
Module Name: C:\Windows\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: COKEYELISHA:49165
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: COKEYELISHA:27015
Remote Address: LOCALHOST:49165
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: COKEYELISHA:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: COKEYELISHA:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52185
Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS
Type: TCP
Process: C:\Program Files\Windows Defender\MSASCui.exe
State: ESTABLISHED

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52164
Remote Address: 198.78.220.126:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52161
Remote Address: 198.78.220.126:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52149
Remote Address: 24.143.193.42:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52006
Remote Address: 208.49.52.75:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COKEYELISHA:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: COKEYELISHA:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: COKEYELISHA:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: COKEYELISHA:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: COKEYELISHA:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: COKEYELISHA:6646
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
State: LISTENING

Local Address: COKEYELISHA:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COKEYELISHA:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COKEYELISHA:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: COKEYELISHA:65278
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:62551
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: COKEYELISHA:59261
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: COKEYELISHA:57114
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe
State: NA

Local Address: COKEYELISHA:54042
Remote Address: NA
Type: UDP
Process: C:\Windows\HelpPane.exe
State: NA

Local Address: COKEYELISHA:50714
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: COKEYELISHA:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:65277
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:6646
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COKEYELISHA:58259
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COKEYELISHA:54618
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COKEYELISHA:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found
