Message on my computer: Windows Security Alert: Infiltration Alert Threat

Re: Message on my computer: Windows Security Alert: Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:09 am

GMER 1.0.15.14972
Rootkit scan 2009-07-21 23:04:18
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x831DD282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x831DD474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x831DCF32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x831DD67C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8D9DE9C0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8D9DE9FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8D9DEA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8D9DE930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8D9DE944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8D9DE9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8D9DEA69]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8D9DEA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8D9DE9AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8D9DE998]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8D9DEA14]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8D9DE9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8263318C 5 Bytes JMP 8D9DE9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetTimerEx + 43C 826C4A00 8 Bytes [82, D2, 1D, 83, 74, D4, 1D, ...] {ADC DL, 0x1d; XOR DWORD [ESP+EDX*8+0x1d], -0x7d}
.text ntkrnlpa.exe!KeSetTimerEx + 854 826C4E18 4 Bytes [32, CF, 1D, 83]
.text ntkrnlpa.exe!KeSetTimerEx + 918 826C4EDC 4 Bytes [7C, D6, 1D, 83]
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 827CD17C 5 Bytes JMP 8D9DEA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8280E1CA 5 Bytes JMP 8D9DE948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 8281DB06 5 Bytes JMP 8D9DE934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8283071E 7 Bytes JMP 8D9DEA02 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82830D75 5 Bytes JMP 8D9DEA18 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82832F86 5 Bytes JMP 8D9DE9C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82840644 5 Bytes JMP 8D9DE99C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8284289E 7 Bytes JMP 8D9DE9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82861402 5 Bytes JMP 8D9DEA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8286244E 5 Bytes JMP 8D9DEA6D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 828A0C7B 5 Bytes JMP 8D9DE9B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\VPro1000.exe[320] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A

EElias1211
Novice

Posts: 41
Joined: 2009-07-14
OS: vista
Points: 27095
Likes: 0

Post by EElias1211 on 22nd July 2009, 3:10 am

.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\VPro1000.exe[320] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\VPro1000.exe[320] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\csrss.exe[576] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[576] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[576] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[628] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[636] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[636] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[636] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 001600A3
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00160088
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00160F28
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00160F39
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00160063
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00160FAF
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00160F8A
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0016002C
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00160F6F
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0016003D
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00160011
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00160F5E
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00160F17
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00160000
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00160FE5
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00160FC0
.text C:\Windows\system32\services.exe[672] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 001600B4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00130F9E
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00130FD4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00130FEF
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00130FC3
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 0013005B
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00130025
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00130014
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00130036
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00150042
.text C:\Windows\system32\services.exe[672] msvcrt.dll!system 76A88B63 5 Bytes JMP 00150FB7
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0015001D
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00150FEF
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00150FD2
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 0015000C
.text C:\Windows\system32\services.exe[672] WS2_32.dll!socket 778136D1 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00200F42
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00200087
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 002000B3
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 002000A2

Post by EElias1211 on 22nd July 2009, 3:10 am

.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00200F78
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00200FCA
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00200F93
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0020005B
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00200F5D
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00200FB9
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00200040
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 0020006C
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00200F02
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00200000
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00200025
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00200F1D
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 001E0F97
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 001E002F
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 001E004A
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 001E0FB9
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 001F0F9A
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!system 76A88B63 5 Bytes JMP 001F0025
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 001F0FBC
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 001F0FE3
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 001F0FAB
.text C:\Windows\system32\lsass.exe[700] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 001F0000
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsass.exe[700] WS2_32.dll!socket 778136D1 5 Bytes JMP 004B0FEF
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00950F35
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00950084
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 009500BA
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00950F1A
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00950F89
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00950FAF
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00950062
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0095002C
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00950F6E
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00950047
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00950073
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00950F09
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00950FD4

Post by EElias1211 on 22nd July 2009, 3:11 am

.text C:\Windows\system32\svchost.exe[900] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00950095
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00370F9E
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!system 76A88B63 5 Bytes JMP 00370FC3
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00370022
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00370033
.text C:\Windows\system32\svchost.exe[900] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00370FDE
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00360065
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00360FC3
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00360054
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00360FA8
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00360014
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00360FDE
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 0036002F
.text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[900] WS2_32.dll!socket 778136D1 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 006900E0
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 006900CF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00690102
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 006900F1
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00690092
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00690076
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00690FB9
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 006900AD
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0069005B
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00690FCA
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 006900BE
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00690113
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00690040
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00690F76
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00600031
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!system 76A88B63 5 Bytes JMP 00600016
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00600FC1
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00600FA6
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00600FDE
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00170040
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00170025
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00170F9E
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00170FC3
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[960] WS2_32.dll!socket 778136D1 5 Bytes JMP 006A0FE5
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A

Post by EElias1211 on 22nd July 2009, 3:12 am

.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00660F5E
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00660F6F
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00660F32
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00660F43
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00660FAC
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 0066003D
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00660085
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0066004E
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00660F9B
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0066005F
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00660FC7
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00660F80
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00660F21
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 0066001B
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0066000A
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0066002C
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 006600BE
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 0065003D
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!system 76A88B63 5 Bytes JMP 0065002C
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00650FCD
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00650FEF
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00650FBC
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00650FDE
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 0063006F
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00630FDE
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 0063000A
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00630FCD
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00630080
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 0063002F
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00630FEF
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 0063004A
.text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[996] WS2_32.dll!socket 778136D1 5 Bytes JMP 00730FEF
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenA 7656D6C0 5 Bytes JMP 01270000
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenW 7656DB39 5 Bytes JMP 0127001B
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenUrlA 7656F3D4 5 Bytes JMP 01270FE5
.text C:\Windows\System32\svchost.exe[996] wininet.dll!InternetOpenUrlW 765B6DD7 5 Bytes JMP 0127002C
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 005E0087
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 005E0F42
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 005E00AC
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 005E0F16
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 005E0F6E
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 005E0FAF
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 005E0047
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 005E002C
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 005E0062
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 005E0F8A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 005E001B
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 005E0F5D
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 005E0EFB
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 005E0FD4

Post by EElias1211 on 22nd July 2009, 3:12 am

.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 005E0FE5
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 005E000A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 005E0F27
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 005D003F
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!system 76A88B63 5 Bytes JMP 005D0FBE
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 005D0FE3
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 005D000C
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 005D002E
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 005D001D
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 005C005B
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 005C0FB9
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 005C0FEF
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 005C004A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 005C0076
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 005C000A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 005C0FD4
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 005C0025
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1084] WS2_32.dll!socket 778136D1 5 Bytes JMP 005F000A
.text C:\Windows\ehome\ehmsas.exe[1116] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\ehome\ehmsas.exe[1116] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00970F35
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 0097007A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00970EFF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00970095
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00970F46
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00970FB2
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00970F61
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00970F7C
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 0097003A
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0097001E
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00970FA1
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 0097005F
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00970EE4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00970FD4
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00970FEF
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00970FC3
.text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00970F1A
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 008E0033
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 76A88B63 5 Bytes JMP 008E0FA8
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 008E0022
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 008E0FEF
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 008E0FC3
.text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 008E0FDE
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 008C0084

Post by EElias1211 on 22nd July 2009, 3:12 am

.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 008C0058
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 008C0000
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 008C0069
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 008C0FBD
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 008C002C
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 008C0011
.text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 008C003D
.text C:\Windows\System32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 778136D1 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 01110065
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 01110F20
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 011100AC
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 01110091
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 01110F71
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 01110FD4
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 01110F82
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 01110FA8
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 01110F56
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0111004A
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 01110FC3
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 01110F3B
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 01110EFB
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 01110FEF
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0111000A
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0111001B
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 01110076
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 01100038
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!system 76A88B63 5 Bytes JMP 01100FAD
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0110000C
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 01100FEF
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 0110001D
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 01100FDE
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 010E0051
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 010E001B
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 010E0FEF
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 010E0040
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 010E0F94
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 010E000A
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 010E0FD4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 010E0FAF
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1176] WS2_32.dll!socket 778136D1 5 Bytes JMP 01120000
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1216] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1216] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1216] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]

Post by EElias1211 on 22nd July 2009, 3:13 am

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1252] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 008000BD
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 008000AC
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 008000F3
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 008000D8
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00800F9D
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00800051
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00800FAE
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00800FDB
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00800F8C
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00800FCA
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0080006C
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00800091
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 0080010E
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00800025
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0080000A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00800040
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00800F5D
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 007F0FA3
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!system 76A88B63 5 Bytes JMP 007F002E
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 007F001D
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 007F0FEF
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 007F0FBE
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00170F86
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00170FA8
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00170F97
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00170043
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00170FC3
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1256] WS2_32.dll!socket 778136D1 5 Bytes JMP 00810000
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00980F1E
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00980F39
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00980EE8
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00980F03
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00980048
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00980037
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00980F8A
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00980F54
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00980F6F
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0098001B
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00980063
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00980099
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00980FD4
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00980FEF

Post by EElias1211 on 22nd July 2009, 3:14 am

.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00980FB9
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 0098007E
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00970058
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 76A88B63 5 Bytes JMP 00970FCD
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00970FDE
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 0097000C
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 0097003D
.text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00150062
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00150FC0
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00150FE5
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00150047
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00150FA5
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 0015001B
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00150000
.text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 0015002C
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 778136D1 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenA 7656D6C0 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenW 7656DB39 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenUrlA 7656F3D4 5 Bytes JMP 00960FB9
.text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenUrlW 765B6DD7 5 Bytes JMP 00960FA8
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1416] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1472] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1472] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1472] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00FA00A9
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00FA0098
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00FA00F0
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00FA00DF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00FA0F6E
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00FA0FAF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00FA0051
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00FA006C
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00FA0040

Post by EElias1211 on 22nd July 2009, 3:14 am

.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00FA0F94
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00FA007D
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00FA0F49
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00FA0FE5
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00FA00C4
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 76A88A47 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00F9004B
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!system 76A88B63 5 Bytes JMP 00F90FC0
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00F90FE5
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00F9003A
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00F90029
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 009F0F6B
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 009F0F8D
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 009F0F7C
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 009F0F50
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 009F0FC3
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 009F0FD4
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 009F0FA8
.text C:\Windows\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1504] WS2_32.dll!socket 778136D1 5 Bytes JMP 00FB0FEF
.text C:\Windows\RtHDVCpl.exe[1616] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\RtHDVCpl.exe[1616] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00C90F57
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00C900A6
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00C90F35
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00C900C1
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00C9006D
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00C90FDB
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00C90F94
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00C90047
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00C90F83
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00C90FA5
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00C90FC0
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00C90F72
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00C90F24
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00C9001B
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00C9000A
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00C9002C
.text C:\Windows\system32\svchost.exe[1628] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00C90F46
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00BF0062
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!system 76A88B63 5 Bytes JMP 00BF0047

Post by EElias1211 on 22nd July 2009, 3:15 am

.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00BF0FD7
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00BF0000
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00BF002C
.text C:\Windows\system32\svchost.exe[1628] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00BF0011
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 0024007D
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00240051
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00240062
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00240098
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00240FE5
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 0024001B
.text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00240036
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1628] WS2_32.dll!socket 778136D1 5 Bytes JMP 00CB0000
.text C:\Windows\system32\taskeng.exe[1668] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\system32\taskeng.exe[1668] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\spoolsv.exe[1708] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe[1724] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 02360F31
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 02360F42
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 023600BD
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 023600A2
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 02360F6E
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 02360036
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 02360051
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 02360FAF
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 02360062
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 02360F94
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 02360FC0
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 02360F5D
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 023600CE
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 0236000A
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 02360FEF
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0236001B
.text C:\Windows\system32\svchost.exe[1732] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 02360091
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 02350042

Post by EElias1211 on 22nd July 2009, 3:16 am

.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!system 76A88B63 5 Bytes JMP 02350031
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 02350FD2
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 02350FE3
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 02350FC1
.text C:\Windows\system32\svchost.exe[1732] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 02350000
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 02100FA8
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 0210004A
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 02100000
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 02100FC3
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 02100F97
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 02100025
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 02100FE5
.text C:\Windows\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 02100FD4
.text C:\Windows\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1732] WS2_32.dll!socket 778136D1 5 Bytes JMP 023B0000
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1900] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\taskeng.exe[1940] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1940] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1940] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2100] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2100] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2100] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[2108] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[2108] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[2108] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 002500C4
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 002500B3
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00250F53
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00250F64
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 0025007D
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00250040
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0025006C

EElias1211
Novice

Posts: 41
Joined: 2009-07-14
OS: vista
Points: 27095
Likes: 0


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:16 am

.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00250FCA
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00250F89
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00250FB9
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00250051
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00250098
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00250104
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00250FEF
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00250000
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 0025002F
.text C:\Windows\Explorer.EXE[2160] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 002500DF
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00210FA5
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00210FC0
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00210000
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00210047
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00210F8A
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00210011
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00210FE5
.text C:\Windows\Explorer.EXE[2160] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00210022
.text C:\Windows\Explorer.EXE[2160] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[2160] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00240F7F
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!system 76A88B63 5 Bytes JMP 00240F9A
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00240FB5
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00240FEF
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00240000
.text C:\Windows\Explorer.EXE[2160] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00240FC6
.text C:\Windows\Explorer.EXE[2160] WS2_32.dll!socket 778136D1 5 Bytes JMP 036B0FEF
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenA 7656D6C0 5 Bytes JMP 03680FEF
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenW 7656DB39 5 Bytes JMP 03680FDE
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenUrlA 7656F3D4 5 Bytes JMP 03680014
.text C:\Windows\Explorer.EXE[2160] WININET.dll!InternetOpenUrlW 765B6DD7 5 Bytes JMP 03680FB9
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2168] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2276] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2276] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2276] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 0082009C
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00820081
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 008200AD
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00820F17
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00820F7C
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00820FBC
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0082005F
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00820FA1
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00820070
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00820039


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:17 am

.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00820028
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00820F57
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00820EFC
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00820FDE
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00820FEF
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00820FCD
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00820F3C
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00810042
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!system 76A88B63 5 Bytes JMP 00810FC1
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0081000C
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00810FEF
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00810031
.text C:\Windows\System32\svchost.exe[2312] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00810FDE
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00800FD4
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 0080006C
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 0080000A
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00800FE5
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00800FC3
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00800036
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 0080001B
.text C:\Windows\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00800051
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2312] WS2_32.dll!socket 778136D1 5 Bytes JMP 00830000
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2332] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2332] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2332] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\vspc1000.exe[2432] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\vspc1000.exe[2432] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\vspc1000.exe[2432] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00850F20
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00850065
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00850091
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00850076
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00850F4C
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00850FA5
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00850F68
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00850F79
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00850F3B
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00850025
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00850F94
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 0085004A
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 008500AC
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00850000
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00850FEF
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00850FCA
.text C:\Windows\System32\svchost.exe[2492] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00850EFB


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:17 am

.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00800FA3
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!system 76A88B63 5 Bytes JMP 00800FBE
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 0080002E
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00800000
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00800FCF
.text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00800011
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 007F0087
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 007F0051
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 007F0FEF
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 007F006C
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 007F0FC0
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 007F001B
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 007F000A
.text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 007F0040
.text C:\Windows\System32\svchost.exe[2492] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2492] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2492] WS2_32.dll!socket 778136D1 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 008B0F2F
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 008B0074
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 008B00B1
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 008B0096
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 008B0063
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 008B0FC0
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 008B0F8A
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 008B0F6F
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 008B0047
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 008B0FA5
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 008B0F54
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 008B0F00
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 008B0FE5
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 008B0085
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00860053
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!system 76A88B63 5 Bytes JMP 00860038
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00860FC8
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00860027
.text C:\Windows\system32\svchost.exe[2512] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00860000
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00850FAF
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 0085000A
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 0085005B
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 0085006C
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 0085001B
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00850FDB
.text C:\Windows\system32\svchost.exe[2512] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2512] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2512] WS2_32.dll!socket 778136D1 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\SearchProtocolHost.exe[2536] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:18 am

.text C:\Windows\system32\SearchProtocolHost.exe[2536] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[2536] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] kernel32.dll!CreateThread + 1A 76B246E2 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] kernel32.dll!CreateThread + 1A 76B246E2 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00FE00A5
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00FE0094
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00FE00D1
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00FE0F3B
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00FE005E
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00FE0FC3
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00FE0F90
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00FE0FB2
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00FE006F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00FE0FA1
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00FE002F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00FE0F60
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00FE0F20
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00FE0FD4
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00FE00B6
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00FD0F92
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!system 76A88B63 5 Bytes JMP 00FD0FA3
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00FD0FC8
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00FD001D
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00FD0FE3
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00FC0080
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00FC0000
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00FC005B
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00FC0091
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00FC0FEF
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00FC0025
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00FC004A
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2740] WS2_32.dll!socket 778136D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\rundll32.exe[2788] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:18 am

.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 001700C4
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00170F7F
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 001700DF
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00170F49
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 0017007D
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0017004A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00170098
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0017005B
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00170FB9
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 001700A9
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 001700F0
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00170025
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00170F5A
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00160FA8
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!system 76A88B63 5 Bytes JMP 00160FC3
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00160FDE
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00160033
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00160018
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00150FCD
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00150054
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 0015006F
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00150080
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00150025
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00150FDE
.text C:\Windows\System32\svchost.exe[2816] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2816] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2816] WS2_32.dll!socket 778136D1 5 Bytes JMP 00200FEF
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[2940] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[2940] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[2940] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A


Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Post by EElias1211 on 22nd July 2009, 3:19 am

.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[3140] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\hp\KBD\kbd.exe[3620] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\hp\support\hpsysdrv.exe[3732] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A


Post by EElias1211 on 22nd July 2009, 3:20 am

.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\iPod\bin\iPodService.exe[4224] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[4224] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[4224] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4736] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4736] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4736] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5504] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5504] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5504] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\SearchFilterHost.exe[5720] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchFilterHost.exe[5720] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchFilterHost.exe[5720] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745B7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745F98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745BD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745AF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)


Post by EElias1211 on 22nd July 2009, 3:20 am

IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745B7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745AE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745EB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745BD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745B012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745B0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745A71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7463D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745D75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745ADAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745A668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745A66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745B1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2724] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2724] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


Post by EElias1211 on 22nd July 2009, 3:23 am

The file was too big so I sent the scan results in 20 separate messages as copied from the word document I saved it on.


Post by Origin on 23rd July 2009, 7:16 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Post by EElias1211 on 24th July 2009, 6:41 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 24, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 24, 2009 14:15:28
Records in database: 2525759
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 187657
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:26:30

No malware has been detected. The scan area is clean.

The selected area was scanned.


Post by Origin on 24th July 2009, 6:44 pm

Please download [You must be registered and logged in to see this link.]

  • Next, run the file. *Note: If running Vista, right-click and select Run as administrator.
  • Once opened, navigate to the Log tab, select all the areas including the "hidden objects only" box, and click on the Create Log button.
  • A scan will start and then a window will pop up with two options; select Scan all drives.
  • Once finished, it will give you the location where the log was saved. Navigate to that place (usually the desktop), open the log, and post all the contents of the log back here.



Post by EElias1211 on 27th July 2009, 12:06 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8E04F000
Module End: 8E059000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8E059000
Module End: 8E076000
Hidden: Yes

Module Name: \??\C:\Windows\system32\Drivers\mchInjDrv.sys
Service Name: ---
Module Base: 9EF3E000
Module End: 9EF3F000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateProcess
Address: 807DA282
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateProcessEx
Address: 807DA474
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwTerminateProcess
Address: 807D9F32
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateUserProcess
Address: 807DA67C
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 8286E18C
Jump To: 8C9DB9EE
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 82A6BD75
Jump To: 8C9DBA18
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetInformationProcess
At Address: 82A7B644
Jump To: 8C9DB99C
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetContextThread
At Address: 82ADBC7B
Jump To: 8C9DB9B0
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwRestoreKey
At Address: 82A9C402
Jump To: 8C9DBA59
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwReplaceKey
At Address: 82A9D44E
Jump To: 8C9DBA6D
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory
At Address: 82A7D89E
Jump To: 8C9DB9D8
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenThread
At Address: 82A491CA
Jump To: 8C9DB948
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenProcess
At Address: 82A58B06
Jump To: 8C9DB934
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwNotifyChangeKey
At Address: 82A0817C
Jump To: 8C9DBA45
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 82A6B71E
Jump To: 8C9DBA02
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile
At Address: 82A6DF86
Jump To: 8C9DB9C4
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: PsSetContextThread
At Address: 82ADBC7B
Jump To: 8C9DB9B0
Module Name: C:\Windows\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: COKEYELISHA:49165
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: COKEYELISHA:27015
Remote Address: LOCALHOST:49165
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: COKEYELISHA:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: COKEYELISHA:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52185
Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS
Type: TCP
Process: C:\Program Files\Windows Defender\MSASCui.exe
State: ESTABLISHED

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52164
Remote Address: 198.78.220.126:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52161
Remote Address: 198.78.220.126:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52149
Remote Address: 24.143.193.42:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:52006
Remote Address: 208.49.52.75:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COKEYELISHA:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: COKEYELISHA:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: COKEYELISHA:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: COKEYELISHA:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: COKEYELISHA:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: COKEYELISHA:6646
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
State: LISTENING

Local Address: COKEYELISHA:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COKEYELISHA:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COKEYELISHA:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: COKEYELISHA:65278
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:62551
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: COKEYELISHA:59261
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: COKEYELISHA:57114
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe
State: NA

Local Address: COKEYELISHA:54042
Remote Address: NA
Type: UDP
Process: C:\Windows\HelpPane.exe
State: NA

Local Address: COKEYELISHA:50714
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: COKEYELISHA:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:65277
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:6646
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COKEYELISHA.HSD1.GA.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COKEYELISHA:58259
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COKEYELISHA:54618
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COKEYELISHA:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: COKEYELISHA:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Post by Belahzur on 27th July 2009, 4:15 pm

Hello.
This looks fine, what problems remain?



Post by EElias1211 on 27th July 2009, 9:21 pm

Everything seems to be working really well now. I greatly appreciate all the efforts made on my behalf.
EElias1211
