another antivirus 2010 problem

Re: another antivirus 2010 problem

Post by memento2012 on Mon Sep 28, 2009 1:35 pm

ComboFix 09-09-27.04 - HP_Administrator 09/28/2009 9:19.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1326 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\yxyli.ban
c:\documents and settings\All Users\Documents\ebasede.reg
c:\documents and settings\All Users\Documents\okowe.scr
c:\documents and settings\All Users\Documents\onokurim.dl
c:\documents and settings\All Users\Documents\pudufyjywa.exe
c:\documents and settings\HP_Administrator\Application Data\ojoceqo.lib
c:\documents and settings\HP_Administrator\Cookies\yluhah.pif
c:\documents and settings\HP_Administrator\Local Settings\Application Data\qurat.bat
c:\documents and settings\HP_Administrator\Local Settings\Application Data\vawupami.scr
c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
c:\windows\system32\41.exe
c:\windows\system32\iniasd.txt
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 13:23 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-28 13:23 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-27 15:59 . 2009-09-27 15:59 -------- d-----w- c:\program files\Alwil Software
2009-09-27 15:51 . 2009-09-27 15:51 -------- d-----w- c:\program files\Windows Defender
2009-09-27 15:49 . 2009-09-27 15:49 -------- d-----w- c:\program files\CCleaner
2009-09-27 15:44 . 2009-09-28 13:26 -------- d-----w- c:\windows\Internet Logs
2009-09-27 15:28 . 2009-09-27 15:28 0 ----a-w- c:\windows\nsreg.dat
2009-09-27 15:28 . 2009-09-27 15:28 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Mozilla
2009-09-24 23:32 . 2009-09-24 23:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 23:02 . 2009-09-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-23 23:02 . 2009-09-23 23:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-23 23:02 . 2009-09-23 23:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-09-21 21:47 . 2009-09-21 21:47 -------- d-----w- C:\_OTM
2009-09-21 02:39 . 2009-09-21 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-21 02:39 . 2009-09-21 02:39 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Conduit
2009-09-21 02:39 . 2009-09-22 02:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-09-20 14:19 . 2009-09-20 14:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-09-20 14:14 . 2009-09-20 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-18 18:19 . 2009-09-18 18:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Kenwood_Corporation
2009-09-18 18:19 . 2009-09-18 18:19 -------- d-----w- c:\program files\KENWOOD
2009-09-11 11:44 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 15:47 . 2009-09-27 15:46 -------- d-----w- c:\program files\AskBarDis
2009-09-27 15:46 . 2009-09-27 15:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-27 15:46 . 2009-09-27 15:46 -------- d-----w- c:\program files\Zone Labs
2009-09-25 17:02 . 2009-06-06 16:48 -------- d-----w- c:\program files\McAfee
2009-09-25 02:21 . 2007-07-24 19:58 95616 ----a-w- c:\windows\junction.exe
2009-09-24 23:31 . 2006-09-02 03:48 -------- d-----w- c:\program files\Java
2009-09-23 23:01 . 2007-12-01 01:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-21 00:15 . 2009-06-06 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 14:09 . 2007-08-28 23:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-09-11 14:52 . 2007-12-06 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 18:54 . 2009-06-06 23:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-06-06 23:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 01:36 . 2006-09-02 04:18 58936 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 21:04 . 2009-08-06 21:04 -------- d-----w- c:\program files\MSBuild
2009-08-06 21:04 . 2009-08-06 21:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 16:32 . 2009-07-13 00:40 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-14 03:43 . 2004-08-10 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 23:56 . 2009-07-12 23:56 61224 ----a-w- c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
2009-07-08 17:44 . 2009-07-13 00:40 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 17:44 . 2009-07-13 00:40 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 17:44 . 2009-07-13 00:40 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 17:44 . 2009-07-13 00:40 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 17:43 . 2009-07-13 00:40 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2006-11-25 22:33 . 2007-08-16 03:31 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-28 13:25 . 2009-09-28 13:25 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat
+ 2009-09-27 15:46 . 2009-02-16 04:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-09-27 15:46 . 2008-11-17 06:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-09-27 15:46 . 2009-02-16 04:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 69000 c:\windows\system32\zlcomm.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 35208 c:\windows\system32\vswmi.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 58248 c:\windows\system32\vsregexp.dll
+ 2009-06-14 03:27 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-06-14 03:27 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 04:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2004-08-10 11:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2005-08-31 04:02 . 2009-09-28 13:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-31 04:02 . 2009-09-20 13:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 20:51 . 2009-09-28 13:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-09-20 13:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-20 17:38 . 2009-09-28 13:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 20:51 . 2009-09-20 13:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-27 15:45 . 2009-09-27 15:45 62464 c:\windows\Installer\1906d1.msi
+ 2009-09-23 23:02 . 2009-09-23 23:02 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-09-23 23:02 . 2009-09-23 23:02 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-09-27 15:46 . 2009-02-16 04:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-09-23 23:02 . 2009-09-23 23:02 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 09:23 . 2008-07-29 09:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 09:23 . 2008-07-29 09:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 07:51 . 2008-07-29 07:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-09-27 15:45 . 2009-02-16 04:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-09-27 15:46 . 2007-10-11 20:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-09-27 15:46 . 2008-11-17 06:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-09-27 15:46 . 2008-11-17 06:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-09-27 15:45 . 2009-02-04 22:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-09-27 15:46 . 2008-03-17 20:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 103816 c:\windows\system32\zlcommdb.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 109960 c:\windows\system32\vsxml.dll
+ 2009-09-27 15:45 . 2009-02-16 04:10 482184 c:\windows\system32\vsutil.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-09-27 15:45 . 2009-02-16 04:10 229256 c:\windows\system32\vsinit.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-09-27 15:45 . 2009-02-16 04:10 110472 c:\windows\system32\vsdata.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 136192 c:\windows\system32\msv1_0.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2009-09-24 23:32 . 2009-09-24 23:31 149280 c:\windows\system32\javaws.exe
+ 2009-09-24 23:32 . 2009-09-24 23:31 145184 c:\windows\system32\javaw.exe
+ 2009-09-24 23:32 . 2009-09-24 23:31 145184 c:\windows\system32\java.exe
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-06 15:31 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 1221512 c:\windows\system32\zpeng25.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-09-27 15:46 . 2008-11-17 06:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-09-27 15:46 . 2009-02-16 04:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-09-23 23:02 . 2009-09-23 23:02 1583616 c:\windows\Installer\a443d4.msi
+ 2009-09-24 23:31 . 2009-09-24 23:31 1757696 c:\windows\Installer\8a96b.msi
+ 2009-09-27 15:51 . 2009-09-27 15:51 1155072 c:\windows\Installer\1906d5.msi
+ 2009-09-27 15:46 . 2008-12-15 05:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-09-27 15:46 . 2008-12-15 05:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-24 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ICO.EXE [2004-07-14 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-9-2 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/27/2009 11:46 AM 464264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [9/2/2006 12:04 AM 82048]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S2 jihrcaxlxh;jihrcaxlxh;\??\c:\windows\system32\drivers\wclqgubqw.sys --> c:\windows\system32\drivers\wclqgubqw.sys [?]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [6/6/2009 7:03 PM 16512]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [6/6/2009 7:03 PM 13824]
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-29 23:21]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-13 01:26]

2009-07-13 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-13 01:26]

2009-06-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2009-09-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\v76pphj7.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\HP_Administrator\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-28 09:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Completion time: 2009-09-28 9:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 13:30
ComboFix2.txt 2009-09-20 14:33

Pre-Run: 221,572,018,176 bytes free
Post-Run: 221,678,755,840 bytes free

354 --- E O F --- 2009-09-24 03:10


Re: another antivirus 2010 problem

Post by Origin on Mon Sep 28, 2009 2:29 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: another antivirus 2010 problem

Post by memento2012 on Mon Sep 28, 2009 8:52 pm

GMER 1.0.15.15087 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-28 16:49:13
Windows 5.1.2600 Service Pack 3
Running: zdgqyxzp.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB1D390B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB1C7B4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB1C7B581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB1C7B498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB1C7B4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB1C7B595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB1C7B5C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB1C7B62F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB1C7B619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB1C7B52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB1C7B65B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB1C7B56D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB1C7B470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB1C7B484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB1C7B4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB1C7B697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB1C7B603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB1C7B5ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB1C7B5AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB1C7B683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB1C7B66F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB1C7B4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB1C7B4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB1C7B5D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB1C7B559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB1C7B645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB1C7B540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB1C7B514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B1C7B518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B1C7B4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B1C7B52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B1C7B544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B1C7B502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 2 Bytes JMP B1C7B474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess + 3 805CB40B 2 Bytes [6B, 31]
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B1C7B488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B1C7B4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B1C7B4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B1C7B49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B1C7B4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B1C7B55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP B1C7B5F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP B1C7B5DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP B1C7B649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP B1C7B607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP B1C7B5AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP B1C7B585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP B1C7B599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP B1C7B5C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP B1C7B633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP B1C7B61D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP B1C7B571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP B1C7B69B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP B1C7B673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP B1C7B687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP B1C7B65F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F6D
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F88
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FC0
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F48
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0090
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0EF7
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F1C
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0EDC
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0073
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F2D
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FB2
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930028
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F6B
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F7C
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930F97
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920044
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920055
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920029
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 00900FDB
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 0090002C
.text C:\WINDOWS\system32\svchost.exe[688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0091000A
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F30000
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F300C6
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F300A1
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F30090
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30073
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30FDB
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F30FA2
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F300F4
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F30120
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F30105
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F30F76
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F30062
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F30011
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F300D7
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F30047
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F3002C
.text C:\Program Files\Messenger\msmsgs.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F30F91
.text C:\Program Files\Messenger\msmsgs.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F1005D
.text C:\Program Files\Messenger\msmsgs.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10042
.text C:\Program Files\Messenger\msmsgs.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F10FD2
.text C:\Program Files\Messenger\msmsgs.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10000
.text C:\Program Files\Messenger\msmsgs.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10031
.text C:\Program Files\Messenger\msmsgs.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FE3
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20025
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20FAF
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F20014
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20FDE
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F20076
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F20FEF
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F20051
.text C:\Program Files\Messenger\msmsgs.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F20040
.text C:\Program Files\Messenger\msmsgs.exe[780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F0000A
.text C:\Program Files\Messenger\msmsgs.exe[780] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 00EF0000
.text C:\Program Files\Messenger\msmsgs.exe[780] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 00EF0FE5
.text C:\Program Files\Messenger\msmsgs.exe[780] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 00EF0FCA
.text C:\Program Files\Messenger\msmsgs.exe[780] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 00EF0FAF
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F8F
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070084
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070069
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FAC
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F59
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F6A
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F19
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700B2
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700CD
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070058
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070095
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F3E
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0006007D
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0005002E
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FA3
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FC8
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F8A
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F8007F
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80FA5
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80FC0
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80047
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F5E
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F8009A
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F800E3
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F800C8
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800FE
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80062
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F8001B
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F6F
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80036
.text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F800B7
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F70040
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F70091
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F70025
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F7000A
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F70076
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F70FD4
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [17, 89]
.text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F7005B
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F60062
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F6003D
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F60022
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F60FCD
.text C:\WINDOWS\system32\lsass.exe[816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F60FDE
.text C:\WINDOWS\system32\lsass.exe[816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02450F8A
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02450089
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0245006E
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02450051
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02450FAF
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024500C8
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024500B7
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024500FE
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02450F65
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02450F4A
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02450040
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02450011
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0245009A
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02450FC0
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02450FDB
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024500E3
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02440FB6
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02440F79
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02440011
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02440FDB
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02440036
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02440000
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02440F94
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [64, 8A]
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02440FA5
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0243004C
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!system 77C293C7 5 Bytes JMP 02430FB7
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02430027
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02430FE3
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02430FD2
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0243000C
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02420000
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F7009A
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70089
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70078
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F7005B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70FCA
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700DA
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F700BF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70117
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700FC
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70128
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7001B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F94
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70040
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F700EB
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60014
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F6005B
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FC3
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60040
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F6002F
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FB2
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50F97
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FB2
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50011
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FE3
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50022
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 055A000A
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 055A005B
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 055A0F5C
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 055A0F83
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 055A0F9E
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 055A0FC0
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 055A0076
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 055A0F2E
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 055A0EF8
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 055A0F13
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 055A0EDD
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 055A0FAF
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 055A001B
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 055A0F4B
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 055A002C
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 055A0FE5
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 055A0091
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05590FB9
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05590065
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05590014
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05590FDE
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0559004A
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05590FEF
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 05590039
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05590FA8
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05580FAD
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 05580038
.text

Re: another antivirus 2010 problem

Post by memento2012 on Mon Sep 28, 2009 8:52 pm

C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0558001D
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05580000
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05580FD2
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05580FEF
.text C:\WINDOWS\System32\svchost.exe[1180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02000FEF
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 01FF0000
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 01FF0011
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 01FF0022
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 01FF003D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650098
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650087
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650FAD
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F81
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500C9
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500FC
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500EB
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0065010D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650F92
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0065002C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500DA
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FB9

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 reƖ 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 reƖ 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


Re: another antivirus 2010 problem

Post by Belahzur on Tue Sep 29, 2009 12:13 am

Hello.
Can you post a NEW uninstall log? Same instructions for getting one of those logs as before.



Re: another antivirus 2010 problem

Post by memento2012 on Tue Sep 29, 2009 2:09 am

Here is the new uninstall log from HijackThis. Thanks.


Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
AnswerWorks 4.0 Runtime - English
Apple Software Update
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Desktop Doctor
Enhanced Multimedia Keyboard Solution
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Grandmaster Challenge
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Web Helper
iPod for Windows 2005-02-07
iTunes
Java(TM) 6 Update 16
KENWOOD Music Editor
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 60 days trial
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mouse Suite
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NVIDIA Drivers
Otto
PaperVision Document Viewer Controls
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Sansa Media Converter
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
TurboTax Home & Business 2007
TVUPlayer 2.3.4.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Updates from HP (remove only)
VC 9.0 Runtime
WildTangent Web Driver
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Toolbar for Internet Explorer
ZoneAlarm Spy Blocker Toolbar


Re: another antivirus 2010 problem

Post by Belahzur on Tue Sep 29, 2009 10:39 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    ZoneAlarm Spy Blocker Toolbar

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: another antivirus 2010 problem

Post by memento2012 on Wed Sep 30, 2009 2:23 am

Thanks for your help, Belahzur. The computer is running well. From now on I will be very careful not to browse unknown websites. I have three anti-spyware programs downloaded to the computer and hopefully that will prevent future problems.

I was able to remove the ZoneAlarm toolbar and uninstall ComboFix. I also set up a new system restore point.
Thank You!
