WinAntiVirusPro 2006 Hijacker


#1
DannyB100uk
  • Member
  • 13 posts
I really do not know how to remove this hijacker, please help.

Logfile of HijackThis v1.99.1
Scan saved at 15:45:21, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\becca\Desktop\hijack\virus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay11...es/MsnPUpld.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto....loadFotoCom.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe



Thanks Dan

#2
Wizard
  • Retired Staff
  • 5,661 posts
Hi Dan and Welcome to GeekstoGo!


Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3
DannyB100uk
  • Topic Starter
  • Member
  • 13 posts
becca - 06-11-14 16:05:38.43 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\becca\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-09 07:47 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-11-08 23:02 1,152 --a------ C:\WINDOWS\system32\windrv.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Ulead Photo Express 4.0 SE Calendar Checker .lnk"
"backup"="C:\\WINDOWS\\pss\\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ULEADS~1\\ULEADP~1.0SE\\CalCheck.exe "
"item"="Ulead Photo Express 4.0 SE Calendar Checker "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Alaunch"
"hkey"="HKLM"
"command"="Alaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ltmoh"
"hkey"="HKLM"
"command"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FirstStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-14 16:06:33.07
C:\ComboFix.txt ... 06-11-14 16:06

#4
DannyB100uk
  • Topic Starter
  • Member
  • 13 posts
Thanks for the help.
Is this what you needed?

#5
Wizard
  • Retired Staff
  • 5,661 posts
That's odd, I don't see anything much wrong with that log.

What is the exact nature of your issue?

Are you getting popups for WinAntiVirusPro 2006?


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

#6
DannyB100uk
  • Topic Starter
  • Member
  • 13 posts
Running scanner now.

I get pop-ups of WinAntiVirusPro 2006 all the time and it tries to install it to my laptop. The website it goes to is www.amaena.com, and I get pop-ups saying I am infected.

#7
Wizard
  • Retired Staff
  • 5,661 posts
Post back when the scanner is complete.

#8
DannyB100uk
  • Topic Starter
  • Member
  • 13 posts
Sorry, the scan took a few times before it worked.

Here it is, hope it helps:
Scanning Report
Thursday, November 16, 2006 10:07:19 - 10:38:54
Computer name: N13
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 5 malware found
Stealth_file (hidden item)
C:\WINDOWS\SYSTEM32\MUJDXZ~1.EXE
Stealth_process (hidden item)
C:\WINDOWS\SYSTEM32\MUJDXZSPT.EXE
Tracking Cookie (spyware)
System (Disinfected)
W32/Malware (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5AFDB1E-03D1-475D-8C1E-9A550FA363CC}\RP172\A0026387.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E5AFDB1E-03D1-475D-8C1E-9A550FA363CC}\RP154\A0021394.EXE

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 19386
System: 3676
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 4
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\HIBERFIL.SYS
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7060E9CF-D361-44A5-95A4-42916B3DCA90}.BIN
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 7.0.171, 2006-11-16
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-11-10
F-Secure Libra: 2.4.2, 2006-11-15
F-Secure Orion: 1.2.37, 2006-11-16
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

#9
Wizard
  • Retired Staff
  • 5,661 posts
Download GMER from Here

Right-click the zip and select "Extract All".

Double-click gmer.exe to launch the program.

Click on the Rootkit tab and then click Scan.

It takes a while to run. Once complete, copy the results to Notepad and save them somewhere safe.

Post those results in the next reply.

#10
DannyB100uk
  • Topic Starter
  • Member
  • 13 posts
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-25 20:02:02
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\Acer\eManager\anbmServ.exe[172] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01621EC1
.text C:\Acer\eManager\anbmServ.exe[172] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01621C62
.text C:\Acer\eManager\anbmServ.exe[172] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01621A0B
.text C:\Acer\eManager\anbmServ.exe[172] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0162191B
.text C:\Acer\eManager\anbmServ.exe[172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01622C34
.text C:\Acer\eManager\anbmServ.exe[172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01622BA6
.text C:\Acer\eManager\anbmServ.exe[172] advapi32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01622DA7
.text C:\Acer\eManager\anbmServ.exe[172] advapi32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01622D16
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\program files\mcafee.com\agent\mcdetect.exe[260] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01B61EC1
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01B61C62
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01B61A0B
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01B6191B
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01B62C34
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01B62BA6
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01B62DA7
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[292] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01B62D16
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[368] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 006D1EC1
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 006D1C62
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 006D1A0B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 006D191B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006D2C34
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006D2BA6
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 006D2DA7
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[460] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 006D2D16
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] advapi32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe[476] advapi32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\winlogon.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\winlogon.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\winlogon.exe[508] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\winlogon.exe[508] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\services.exe[552] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\services.exe[552] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\services.exe[552] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\services.exe[552] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\services.exe[552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\services.exe[552] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\services.exe[552] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\lsass.exe[564] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\lsass.exe[564] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\lsass.exe[564] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\lsass.exe[564] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\lsass.exe[564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\lsass.exe[564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\lsass.exe[564] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\lsass.exe[564] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\Ati2evxx.exe[716] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\Ati2evxx.exe[716] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\Ati2evxx.exe[716] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\Ati2evxx.exe[716] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\Ati2evxx.exe[716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\Ati2evxx.exe[716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\Ati2evxx.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\Ati2evxx.exe[716] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\system32\spoolsv.exe[1232] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\spoolsv.exe[1232] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\spoolsv.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\spoolsv.exe[1232] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\spoolsv.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\spoolsv.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\spoolsv.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01141EC1
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01141C62
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01141A0B
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0114191B
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01142C34
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01142BA6
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01142DA7
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01142D16
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01CF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\wdfmgr.exe[1552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\wdfmgr.exe[1552] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\wdfmgr.exe[1552] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 013B1EC1
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 013B1C62
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 013B1A0B
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 013B191B
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 013B2C34
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 013B2BA6
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 013B2DA7
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 013B2D16
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] WS2_32.dll!connect 71AB406A 3 Bytes JMP 01373E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] WS2_32.dll!connect + 4 71AB406E 1 Byte
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DE1EC1
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DE1C62
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DE1A0B
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DE191B
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DE2C34
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DE2BA6
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00DE2DA7
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00DE2D16
.text C:\Program Files\McAfee.com\VSO\oasclnt.exe[1632] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00DB3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01171EC1
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01171C62
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01171A0B
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0117191B
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01172C34
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01172BA6
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01172DA7
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01172D16
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1640] WS2_32.dll!connect 71AB406A 5 Bytes JMP 017D3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E1EC1
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E1C62
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E1A0B
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E191B
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011E2C34
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011E2BA6
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 011E2DA7
.text C:\progra~1\mcafee.com\vso\mcvsescn.exe[1668] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 011E2D16
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01C01EC1
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01C01C62
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01C01A0B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01C0191B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01C02C34
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01C02BA6
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01C23E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01C02DA7
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1680] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01C02D16
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01161EC1
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01161C62
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01161A0B
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0116191B
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01162C34
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01162BA6
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01162DA7
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01162D16
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[1688] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01113E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\windows\system32\mujdxzspt.exe[1776] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 014F1EC1
.text C:\windows\system32\mujdxzspt.exe[1776] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 014F1C62
.text C:\windows\system32\mujdxzspt.exe[1776] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 014F1A0B
.text C:\windows\system32\mujdxzspt.exe[1776] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 014F191B
.text C:\windows\system32\mujdxzspt.exe[1776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 014F2C34
.text C:\windows\system32\mujdxzspt.exe[1776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 014F2BA6
.text C:\windows\system32\mujdxzspt.exe[1776] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 014F2DA7
.text C:\windows\system32\mujdxzspt.exe[1776] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 014F2D16
.text C:\windows\system32\mujdxzspt.exe[1776] WS2_32.dll!connect 71AB406A 5 Bytes JMP 020B3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\system32\ctfmon.exe[1792] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A41EC1
.text C:\WINDOWS\system32\ctfmon.exe[1792] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A41C62
.text C:\WINDOWS\system32\ctfmon.exe[1792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A41A0B
.text C:\WINDOWS\system32\ctfmon.exe[1792] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A4191B
.text C:\WINDOWS\system32\ctfmon.exe[1792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A42C34
.text C:\WINDOWS\system32\ctfmon.exe[1792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A42BA6
.text C:\WINDOWS\system32\ctfmon.exe[1792] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00A42DA7
.text C:\WINDOWS\system32\ctfmon.exe[1792] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00A42D16
.text C:\WINDOWS\system32\ctfmon.exe[1792] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00A13E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00FF1EC1
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00FF1C62
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00FF1A0B
.text C:\Program Files\Messenger\msmsgs.exe[1800] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00FF191B
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF2C34
.text C:\Program Files\Messenger\msmsgs.exe[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF2BA6
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00FF2DA7
.text C:\Program Files\Messenger\msmsgs.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00FF2D16
.text C:\Program Files\Messenger\msmsgs.exe[1800] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00CA3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01921EC1
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01921C62
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01921A0B
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0192191B
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01922C34
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01922BA6
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01922DA7
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01922D16
.text C:\progra~1\mcafee.com\vso\mcvsftsn.exe[1916] WS2_32.dll!connect 71AB406A 5 Bytes JMP 017F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\Documents and Settings\becca\Desktop\tools\gmer\gmer.exe[2276] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00EB3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\System32\alg.exe[2892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\System32\alg.exe[2892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\WINDOWS\System32\alg.exe[2892] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\WINDOWS\System32\alg.exe[2892] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2968] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00EF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\Program Files\MSN Messenger\MSNMSGR.EXE[3584] WS2_32.dll!connect 71AB406A 5 Bytes JMP 016F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\Program Files\Internet Explorer\iexplore.exe[3608] WS2_32.dll!connect 71AB406A 5 Bytes JMP 02103E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll

---- Processes - GMER 1.0.12 ----

Process C:\windows\system32\mujdxzspt.exe (*** hidden *** ) 1776
Library C:\windows\system32\mujdxzspt.exe (*** hidden *** ) @ C:\windows\system32\mujdxzspt.exe [1776] 0x00400000


Thanks Dan
  • 0
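A way to triage a GMER "User code sections" log like the one in the post above, added here as an example (it is not code from the thread or from GMER). It groups inline hooks by hooked API and by the low 16 bits of the JMP target, separates hooks whose owning module GMER names from those it leaves unattributed, and cross-references the hidden-process list. The function and field names are assumptions; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# A few lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\WINDOWS\system32\winlogon.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01141EC1
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01CF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] WS2_32.dll!connect 71AB406A 3 Bytes JMP 01373E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1624] WS2_32.dll!connect + 4 71AB406E 1 Byte
.text C:\windows\system32\mujdxzspt.exe[1776] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 014F1EC1
.text C:\windows\system32\mujdxzspt.exe[1776] WS2_32.dll!connect 71AB406A 5 Bytes JMP 020B3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll

---- Processes - GMER 1.0.12 ----

Process C:\windows\system32\mujdxzspt.exe (*** hidden *** ) 1776
Library C:\windows\system32\mujdxzspt.exe (*** hidden *** ) @ C:\windows\system32\mujdxzspt.exe [1776] 0x00400000
"""

# .text <image>[pid] <module>!<api>[ + off] <address> <n> Byte(s) [JMP <target>] [<owner>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<api>\S+)(?:\s\+\s\d+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?"
    r"(?:\s+JMP\s+(?P<target>[0-9A-F]{8}))?(?:\s+(?P<owner>\S.*))?$",
    re.IGNORECASE,
)
HIDDEN_RE = re.compile(
    r"^Process\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)$"
)


class Hook(NamedTuple):
    image: str
    pid: int
    module: str
    api: str
    address: int
    size: int
    target: Optional[int]   # None for patch fragments that carry no JMP
    owner: Optional[str]    # module GMER attributes the target to, if any


def parse_hooks(text: str) -> list:
    """Return one Hook per '.text' line; lines in other formats are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        hooks.append(Hook(
            image=m.group("image"), pid=int(m.group("pid")),
            module=m.group("module"), api=m.group("api"),
            address=int(m.group("addr"), 16), size=int(m.group("size")),
            target=int(target, 16) if target else None,
            owner=m.group("owner"),
        ))
    return hooks


def parse_hidden(text: str) -> list:
    """Return (image, pid) for every process GMER marks as hidden."""
    found = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            found.append((m.group("image"), int(m.group("pid"))))
    return found


def triage(text: str) -> dict:
    hooks = parse_hooks(text)
    hidden = parse_hidden(text)
    # Windows maps modules at 64 KB-aligned bases, so the low 16 bits of a JMP
    # target stay constant when the same code is loaded at different bases.
    stubs = defaultdict(set)  # (api, target & 0xFFFF, owner) -> PIDs
    for h in hooks:
        if h.target is not None:
            stubs[(h.api, h.target & 0xFFFF, h.owner)].add(h.pid)
    hidden_pids = {pid for _, pid in hidden}
    return {
        "hidden": hidden,
        # APIs redirected to code for which GMER names no owning module.
        "unattributed_apis": sorted({api for api, _, owner in stubs if owner is None}),
        "stubs": {key: sorted(pids) for key, pids in stubs.items()},
        "hidden_and_hooked": sorted(hidden_pids & {h.pid for h in hooks}),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("hidden processes:", report["hidden"])
    print("APIs hooked by unattributed code:", report["unattributed_apis"])
    for (api, low16, owner), pids in sorted(report["stubs"].items(), key=str):
        print(f"{api:<22} +{low16:04X} owner={owner or '(none)'} pids={pids}")
```
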

#11
DannyB100uk
Hope you can find the source of this now; it's really annoying. Is this what you needed?

Thanks, Dan
  • 0

#12
Wizard
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\MUJDXZSPT.EXE

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot,
  • then click on the Single File button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Restart in Safe Mode and scan with GMER again.

Save that log so as not to confuse it with the first GMER log.

Restart normally and post that log.
  • 0

#13
DannyB100uk
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-26 12:59:07
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\Acer\eManager\anbmServ.exe[200] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01621EC1
.text C:\Acer\eManager\anbmServ.exe[200] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01621C62
.text C:\Acer\eManager\anbmServ.exe[200] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01621A0B
.text C:\Acer\eManager\anbmServ.exe[200] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0162191B
.text C:\Acer\eManager\anbmServ.exe[200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01622C34
.text C:\Acer\eManager\anbmServ.exe[200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01622BA6
.text C:\Acer\eManager\anbmServ.exe[200] advapi32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01622DA7
.text C:\Acer\eManager\anbmServ.exe[200] advapi32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01622D16
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\program files\mcafee.com\agent\mcdetect.exe[276] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\PROGRA~1\mcafee.com\agent\mctskshd.exe[312] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01031EC1
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01031C62
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01031A0B
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0103191B
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01032C34
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01032BA6
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01032DA7
.text C:\PROGRA~1\mcafee.com\vso\mcshield.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01032D16
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 10001EC1
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001C62
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001A0B
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002C34
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002BA6
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[452] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[480] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 006D1EC1
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[480] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 006D1C62
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[480] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 006D1A0B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[480] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 006D191B
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006D2C34
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe[480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006D2BA6

---- Processes - GMER 1.0.12 ----

Process C:\windows\system32\mujdxzspt.exe (*** hidden *** ) 1768
Library C:\windows\system32\mujdxzspt.exe (*** hidden *** ) @ C:\windows\system32\mujdxzspt.exe [1768] 0x00400000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] c:\windows\system32\mujdxzspt.exe mujdxzspt
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] c:\windows\system32\mujdxzspt.exe mujdxzspt

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\system32\mujdxzspt.exe
File C:\WINDOWS\system32\mujdxzspt.dat
File C:\WINDOWS\system32\mujdxzspt_nav.dat
File C:\WINDOWS\system32\mujdxzspt_navps.dat
File C:\WINDOWS\Prefetch\MUJDXZSPT.EXE-05EF6EA8.pf
File C:\!KillBox\MUJDXZSPT.EXE
File C:\!KillBox\MUJDXZSPT.EXE( 1)

---- EOF - GMER 1.0.12 ----

Here is the scan. I also did get a PendingFileRenameOperations prompt.
Hope this helps.
Many thanks, Danny

#14
Wizard

  • Retired Staff
  • 5,661 posts
Gotta check something out here.

Please post an uninstall list:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press the Save button, Notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


#15
DannyB100uk

  • Topic Starter
  • Member
  • 13 posts
Here is the uninstall list, mate. Hope this helps.


Acer eManager
Ad-Aware SE Personal
Adobe Reader 6.0
Agere Systems AC'97 Modem
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Canon PhotoRecord
Canon PIXMA iP1500
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Easy-WebPrint
FlashGet(JetCar)
HijackThis 1.99.1
ImageMixer VCD/DVD2 for OLYMPUS
Launch Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
NTI Backup NOW! 3
NTI CD & DVD-Maker Gold
OLYMPUS Master
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
SafeCast Shared Components
Samsung PC Studio 3 USB Driver Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Tesco internet phone
Ulead Photo Express 4.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086