Redirecting Virus blocking all Anti-viral programs

Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 13th August 2009, 12:17 am

Drive F

Post by Belahzur on 13th August 2009, 12:23 am

Hello.

Go to Start > Run. In the Run box, type in "cmd" without the quote marks and hit enter.
Now when the command prompt opens, type in the following:

expand F:\i386\appmgmts.dl_ c:\windows\system32\appmgmts.dll

Hit enter.

The command has to be typed exactly as seen, otherwise it won't work. To make it easier for you, I have pointed out where the spaces are in case it's hard to read.

expandSPACEF:\i386\appmgmts.dl_SPACEc:\windows\system32\appmgmts.dll

If done correctly, it will say: 1 file(s) expanded successfully.

Let me know how it goes.


Post by sanzoneedsahug on 13th August 2009, 12:33 am

I type it in and it comes up with:

Can't open input file F:\i386\appmgmts.dl_

Post by Belahzur on 13th August 2009, 1:16 am

Let's not try putting it in system32 yet, let's just do it to C:\ drive.

Do this next command:

expand F:\i386\appmgmts.dl_ C:\appmgmts.dll

Does it expand now? Is there an appmgmts.dll in your C:\ drive?


Post by sanzoneedsahug on 13th August 2009, 7:15 am

I received the same message once more. How do I check if I have appmgmts.dll in my C:\ drive?

Post by sanzoneedsahug on 16th August 2009, 9:01 pm

Bump.

Post by Belahzur on 16th August 2009, 9:20 pm

Hello.
Glad you bumped, was looking for you.

Download that missing file from here:

[You must be registered and logged in to see this link.]

Download it to your Desktop, then move it into your system32 folder.
To do so:

Download the file, then right click it > Cut.

Now using Windows Explorer (windows key + E), navigate to this folder:
C:\Windows\system32

Right click anywhere, select "Paste" and that file will be put in the system32 folder.

Now let's uninstall a few useless things.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Post by sanzoneedsahug on 16th August 2009, 11:04 pm

All right, I've moved that file to the system32 folder and everything worked fine with that. Here is my uninstall list:

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Ahead InCD EasyWrite Reader
AIM 6
AIM Toolbar 5.0
Apple Software Update
Audacity 1.2.6
Avance AC'97 Audio
Badongo
Cadbury Bunny Screensaver
Call of Duty
CCleaner (remove only)
CleanUp!
Combined Community Codec Pack 2008-01-24
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.8.5
ERUNT 1.1j
Glary Utilities 2.14.0.711
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
happy_holidays Screen Saver
HERSHEYS Trick or Treats Midnight Sky Screen Saver
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
hp officejet v series
HP PSC & OfficeJet 3.5
HP Share-to-Web
HP Software Update
IL-2 Sturmovik: Forgotten Battles
Jasc Paint Shop Pro 8
Java DB 10.4.2.1
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 14
JavaFX(TM) 1.2 SDK
LimeWire 4.16.7
Logitech Gaming Software
Malwarebytes' Anti-Malware
Manga Studio Debut 3.0
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft VC9 runtime libraries
Microsoft WinUsb 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MMS Chocolate River Screen Saver
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero OEM
NVIDIA Drivers
OpenOffice.org Installer 1.0
Pearl Harbor
QuickTime
RealPlayer
scroller Screen Saver
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
Smart Menus (Windows Live Toolbar)
System Requirements Lab
ubi.com
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Media Player
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Toolbar
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

Post by Belahzur on 17th August 2009, 2:00 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 8.1.2
    Java(TM) 6 Update 15
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 14
    JavaFX(TM) 1.2 SDK
    LimeWire 4.16.7
    Viewpoint Media Player

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Post by sanzoneedsahug on 17th August 2009, 9:53 pm

Things seem to be running well now!!! I can open programs that it wouldn't allow me to before and everything seems perfectly fine!! Thank you so much! Hooray!

Edit: It won't allow me to open SuperAntispyware, even when I reinstall it. Does that mean that there's still something wrong?

Post by sanzoneedsahug on 21st August 2009, 9:17 pm

Bump.

Post by Origin on 22nd August 2009, 4:59 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.


Post by sanzoneedsahug on 22nd August 2009, 9:52 pm

GMER 1.0.15.15077 [842f42v0.exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-22 14:50:45
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwQueryValueKey + 5 8056A1F7 2 Bytes [90, 90] {NOP ; NOP }

---- User code sections - GMER 1.0.15 ----

Post by sanzoneedsahug on 22nd August 2009, 9:53 pm

Post by sanzoneedsahug on 22nd August 2009, 9:53 pm

.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80039
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80028
.text C:\WINDOWS\system32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80F97
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F7003D
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F7002C
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_creat


Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 22nd August 2009, 9:53 pm

.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FE3
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F7001B
.text C:\WINDOWS\system32\svchost.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70FC6
.text C:\WINDOWS\system32\svchost.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F77
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70076
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70065
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70FA8
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70FDE
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D700B3
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D700A2
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D700F0
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D700DF
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D70F3C
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70FB9
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70025
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70087
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70040
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D700CE
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D60FCA
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D6005B
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D60FDB
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60011
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D60F9E
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60FAF
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\system32\svchost.exe[816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50020
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D50F95
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D50FC1
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50FA6
.text C:\WINDOWS\system32\svchost.exe[816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D50FD2
.text C:\WINDOWS\system32\svchost.exe[816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028B0000
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028B0082
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028B0F83
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028B0F94
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028B0FAF
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028B0047
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028B0F50
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028B0F61
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028B00C4
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028B00A9
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028B00DF
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028B0FC0
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028B0011
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 028B0F72
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 028B0FE5
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 028B0036
.text C:\WINDOWS\System32\svchost.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028B0F35
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01FB0036
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01FB006C
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01FB001B
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01FB000A
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01FB0FB9
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01FB0FEF
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01FB0FCA
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1B, 8A]
.text C:\WINDOWS\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01FB0051
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01FA0FB2
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 01FA0FC3
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01FA0029
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01FA0FEF
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01FA0FD4
.text C:\WINDOWS\System32\svchost.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01FA000C
.text C:\WINDOWS\System32\svchost.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F90FEF
.text C:\WINDOWS\System32\svchost.exe[884] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01F80FEF
.text C:\WINDOWS\System32\svchost.exe[884] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01F80FDE
.text C:\WINDOWS\System32\svchost.exe[884] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01F80FC3
.text C:\WINDOWS\System32\svchost.exe[884] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01F80FB2
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileA


Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 22nd August 2009, 9:54 pm

.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F37
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F52
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F79
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F8A
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FB6
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650EF8
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F09
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650065
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650ECC
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650076
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650F9B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650F26
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FC7
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650022
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650EE7
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F72
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FCA
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640F83
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640F94
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FB4
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630049
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630038
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80FA3
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80FB4
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8008E
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FD1
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8006C
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F6B
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B800B3
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F24
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F35
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B800CE
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B8007D
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B8001B
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F92
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80051
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80040
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B80F5A
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FC3
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B7006C
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70014
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70FD4
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70051
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B70040
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7002F
.text C:\WINDOWS\System32\svchost.exe[996] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F97
.text C:\WINDOWS\System32\svchost.exe[996] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FB2
.text C:\WINDOWS\System32\svchost.exe[996] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FDE
.text C:\WINDOWS\System32\svchost.exe[996] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\System32\svchost.exe[996] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60FC3
.text C:\WINDOWS\System32\svchost.exe[996] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60018
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0078000A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780F9E
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780FAF
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780093
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780076
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780040
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F83
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007800CB
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780F5E
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800F7
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780F43
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0078005B
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FE5
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007800AE
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FD4
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780025
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800E6
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770022
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0077007D
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770011
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770FDB
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770FB6
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770000
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00770058
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770047
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760051
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760FC6
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_creat


Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 22nd August 2009, 9:55 pm

.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0076002C
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C008E
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C007D
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0F99
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0FB6
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0FDB
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F57
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F74
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0F28
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00C1
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C0F0D
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0062
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C009F
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0047
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C002C
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00B0
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0047
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0FC0
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B007D
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FDB
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0062
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0FBC
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FCD
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0029
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0202000A
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02020076
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02020F77
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02020051
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02020040
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02020FB9
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02020F2E
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02020F3F
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02020091
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02020F02
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02020EE7
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02020FA8
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02020FEF
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02020F5C
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02020FD4
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0202001B
.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02020F13
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02010036
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02010091
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02010FEF
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02010025
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02010FD4
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02010000
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0201006C
.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02010051
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01400033
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 01400FB2
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01400011
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01400FEF
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01400022
.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wopen


Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 22nd August 2009, 9:55 pm

.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00CB000A
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00CB0FD4
.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00CB0025
.text C:\WINDOWS\Explorer.EXE[1232] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0090
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA007F
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA006E
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0051
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0036
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F48
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F65
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00C6
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00B5
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0F12
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F80
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FDB
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F2D
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930014
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F94
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FC3
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930051
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930025
.text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F9C
.text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB7
.text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092001D
.text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FC8

Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 22nd August 2009, 9:55 pm


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----


Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 22nd August 2009, 9:55 pm

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1FB2N0LL\friends[1].htm 0 bytes

---- EOF - GMER 1.0.15 ----


Re: Redirecting Virus blocking all Anti-viral programs

Post by Origin on 25th August 2009, 3:35 pm

Please download [You must be registered and logged in to see this link.]

  • Next, run the file. *Note: If running Vista, right-click and select Run as administrator.
  • Once opened, navigate to the log tab, select all the areas including the hidden objects only box, and click on the create log button.
  • A scan will start and then a window will pop up with two options; select scan all drives.
  • Once finished, it will give you a location where it was saved. Navigate to that place, usually the desktop, open the log, and post all the contents of the log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31493
# Likes # Likes : 0


Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 25th August 2009, 11:31 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:

Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 25th August 2009, 11:31 pm

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Re: Redirecting Virus blocking all Anti-viral programs

Post by Origin on 28th August 2009, 3:40 pm

Please download Revo Uninstaller from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once set up, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    SuperAntispyware

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.


Now install SuperAntispyware again and see if it opens now.



Re: Redirecting Virus blocking all Anti-viral programs

Post by sanzoneedsahug on 28th August 2009, 9:08 pm

Thank you very much, this has solved the problem.
