
Solved Ultra Slow Office Machine 1

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2010/08/16.

  1. 2010/08/16
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    [Resolved] Ultra Slow Office Machine 1

    Hi Broni!.....DDS log


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by dadams at 1:30:10.76 on Tue 08/17/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.153 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cleanmgr.exe
    C:\Documents and Settings\Owner.WS08\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://companyweb
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
    mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe "
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
    mRun: [InCD] c:\program files\ahead\incd\InCD.exe
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [<NO NAME>]
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

    ============= SERVICES / DRIVERS ===============

    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-12-27 8040]
    R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-12-27 299904]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-08-17 03:51:14 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2001-12-15 02:56:59 17408 -csha-w- c:\program files\Thumbs.db
    2008-08-29 17:50:57 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat
    2009-03-06 15:18:59 16384 -csha-w- c:\windows\temp\cookies\index.dat
    2009-03-06 15:18:59 16384 -csha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-03-06 15:18:59 32768 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 1:33:02.62 ===============
     
  2. 2010/08/16
    Blue Star

    Blue Star Well-Known Member Thread Starter

    attach log......


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/22/2007 2:18:30 PM
    System Uptime: 8/16/2010 11:09:03 PM (2 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4B266LM
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | mPGA 478 | 1614/100mhz

    ==== Disk Partitions =========================


    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    BufferChm
    CameraDrivers
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Event Manager
    EPSON Perfection V500 Photo Scanner Driver Update
    EPSON Perfection V500P User's Guide
    EPSON Scan
    EPSON Scan Assistant
    eSupportQFolder
    FBrowsingAdvisor
    FrostWire 4.18.5
    FullDPAppQFolder
    Google Toolbar for Internet Explorer
    GoToMeeting/GoToWebinar 3.0.0.198
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    hp deskjet 9600 series
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Product Assistant
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    InCD (ahead software)
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 17
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Karaoke Sound Tools
    MarketResearch
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NavigationEnhancer
    Nero - Burning Rom
    NVIDIA Windows 2000/XP Display Drivers
    PanoStandAlone
    PhotoGallery
    PS8000
    PSPrinters08
    PSTAPlugin
    RandMap
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Shadow Copy Client
    SkinsHP1
    SolutionCenter
    Sonic_PrimoSDK
    Status
    TrayApp
    Unload
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visio Standard
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver

    ==== End Of File ===========================
     


  4. 2010/08/17
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/08/18
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Doing it now....thank you!
     
  6. 2010/08/18
    Blue Star

    Blue Star Well-Known Member Thread Starter

    wow..... what a mess!:eek:
    mbam log...............

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4445

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    8/18/2010 12:38:28 PM
    mbam-log-2010-08-18 (12-38-28).txt

    Scan type: Quick scan
    Objects scanned: 215664
    Time elapsed: 52 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.


    doing gmer now....
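    The MBAM log above is a fixed-layout text report: a block of "<section> Infected: <n>" summary lines followed by one detail section per category, each detection on its own line as "<item> (<threat name>) -> <action>". When reviewing these logs in volume it is worth checking them mechanically: that the summary counts agree with the listed items, that every item was actually quarantined, and how the detections cluster by threat family (here, most of them belong to one program, FBrowsingAdvisor). The Python below is an added example, not code from this thread or from Malwarebytes; the embedded sample is reconstructed from the MBAM 1.46 log posted above (with the scan-info lines trimmed), and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample: reconstructed from the MBAM 1.46 log posted in the thread,
# with the date/time and memory-section lines trimmed. Raw string so the
# Windows backslashes survive unchanged.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4445

Scan type: Quick scan
Objects scanned: 215664

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 5"  -> summary line with a count
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:"    -> start of a detail section
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<item> (<threat>) -> <action>"; the greedy item group means the *last*
# parenthesised token before " -> " is taken as the threat name, so braces/
# GUIDs inside registry paths do not confuse the split.
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'detections': [dict, ...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:  # "(No malicious items detected)" never matches ITEM_RE
            detections.append({"section": section, "item": m["item"],
                               "threat": m["threat"], "action": m["action"]})
    return {"summary": summary, "detections": detections}


def check_summary(parsed):
    """List (section, reported, actual) where the header count disagrees with the detail."""
    actual = Counter(d["section"] for d in parsed["detections"])
    return [(sec, reported, actual[sec])
            for sec, reported in parsed["summary"].items() if reported != actual[sec]]


def threat_families(parsed):
    """Detections grouped by MBAM threat name."""
    return Counter(d["threat"] for d in parsed["detections"])


def unresolved(parsed):
    """Items whose action line does not report a successful quarantine/delete."""
    return [d for d in parsed["detections"] if "successfully" not in d["action"]]


if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    print(len(result["detections"]), "detections")
    print("summary mismatches:", check_summary(result))
    print("unresolved:", unresolved(result))
    for threat, n in threat_families(result).most_common():
        print(f"{n:3d}  {threat}")
```

    The regexes are written against the 1.46 layout shown in the thread; later Malwarebytes versions changed the report format, so treat the patterns as version-specific. A non-empty result from check_summary or unresolved is the signal to read the log by hand rather than trust the headline counts.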
     
  7. 2010/08/18
    broni

    broni Moderator Malware Analyst

    Go on....
     
  8. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    after restart from MBAM, the bottom half of mywallpaper is black. Don't want to change anything w/o your say so....

    GMER log.....

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-19 10:25:25
    Windows 5.1.2600 Service Pack 3
    Running: f44qvxwf.exe; Driver: C:\DOCUME~1\OWNER~1.WS0\LOCALS~1\Temp\pxtdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 82A9F109 ZwCreateThread
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x805891F1]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x805792D1]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x8058C5E8]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x8058A52C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x80590AA6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x806383F2]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x8063A583]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x8063A5CC]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x8057A8C4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x80649391]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x80637BAD]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x805900C4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x8062FCF4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x8057ADAD]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x80591876]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x80626C4D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x805DD479]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x80568FCA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805D9817]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805A253D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x804E2CC4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x8062C4AE]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x805C9BB6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x804ECFBC]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x80569676]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x805678CD]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x80590532]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x8064EC88]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x8058BA4E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x80589F39]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x8064EEF5]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwConnectPort [0x8058C63A]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x804E2006]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x8065A3C6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x805A2905]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x8056D752]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x80649484]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x8056CF98]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x8058A785]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x805AB234]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x8063019F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x80570833]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x805D9708]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x80578217]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x8058412B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x805BBE63]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x80597609]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x805B14AC]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x8057FE4C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x80649ABB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x805652B3]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x80572620]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x8059F586]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x8059E63D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x805A8BDA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x805DB1D4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x8065B541]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x8065B69B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x80566410]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x8058C4E9]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x805D80BB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x80595316]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x8063A627]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x80592D64]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x805883AA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x805BF031]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x805717C5]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x8057D1CB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x80570F41]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x80648E1F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x80589A67]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x80625A74]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x805B0C90]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x8058BCDE]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x8058CB4D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x80577873]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x805DC640]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x8059AD24]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x806274AF]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x80627002]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeVirtualMemory [0x805698F5]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x8057AC95]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x805E04D3]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x8062C4DB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x8059FE35]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x8053B79D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x8059762D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x8058B4BA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateThread [0x8057E821]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x805A80E6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x8062C293]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x80630053]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x8062C4C1]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x805AA775]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x805A3B73]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x805AEE7B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x805AECB8]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x8058E224]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x805B0E60]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x805D0F87]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x805B02E2]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x8059F9C2]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x8059F93F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x80626139]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x8062660D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapViewOfSection [0x80573D41]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x8059112F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x8058EA94]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x8058EB5D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x80589E32]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEvent [0x8057DEC7]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x80649577]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x8056CF33]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x80616ADF]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x806303F7]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x80568D48]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x805782C5]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x80595401]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x805719AC]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessToken [0x8056E0CD]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x8056E2C6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x805711B4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x8059F042]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x80589CFE]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x8058E5C4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadToken [0x8056DB6A]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x8056DADB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x806493AD]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x805DB394]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x8059CA1E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x805DDA4E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x805DD2E8]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805AA8B8]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x80571E96]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x805DB12C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x80574692]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x804F7E5D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x80566B82]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x8057EC87]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x805722F6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x8058458D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x80616D2C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x80589EAF]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x8057C9FA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x805D7798]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x80572E4F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x80580A8D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x80623543]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x8056DD08]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x8056BC5D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x8056E837]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x8057E00B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x80649F6B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x80616BA0]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x80570C4A]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x8064E66B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x806498F0]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x8057F694]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x8064E875]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x80567338]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x806175F3]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x8057D6B6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x805DD8EE]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x806486EB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x80589B6F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x80648E47]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x80648E0C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformation [0x8057BE20]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemTime [0x8058A5B6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimer [0x805873F2]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimerResolution [0x805841F3]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x8056A1F9]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVirtualMemory [0x8056E3C4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8056D1DB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThread [0x8058A487]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseException [0x804E204E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseHardError [0x80648427]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFile [0x805742F7]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFileScatter [0x805DA8DF]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadRequestData [0x8058B7FF]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadVirtualMemory [0x8057E4B8]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x80588189]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseMutant [0x8056647B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseSemaphore [0x8058BFFA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x80566F99]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x8065B616]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRenameKey [0x8064EAEA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x8064F446]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x8057CEC4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x8056BA04]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x8056B51C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x80623622]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestDeviceWakeup [0x8062C43B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x805DD6A4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x80576EC6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWakeupLatency [0x8062C234]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x8059EC05]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8053BC32]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x8064EFDD]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x8062FC94]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeThread [0x805880AF]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x8064F0DE]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x8064F1C9]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x8064F2F6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x805888DA]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetContextThread [0x8062E057]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x8065D15E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x805D5707]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x805AE977]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x805AE91E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x8061727B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x805696C5]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x80575B6E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x80649877]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x80649797]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x8065AFB7]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x80574B2A]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x805AB388]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x8064E1CE]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x8057DF3D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationProcess [0x8056DDD9]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationThread [0x80575756]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x805A8772]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x80649A97]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x8056BEF1]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x8062ED77]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x8064980B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x80649723]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x806175C9]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x8059B1F3]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x806490E4]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x805A7C5F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x80667A0B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x80647D6F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x805E0242]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x804E57AB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x805E08C8]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x805AAA9F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x80572A6E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x80617B0F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x806474BB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x805173A1]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x80649D02]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x80649EBB]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x8062FC39]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x805E053E]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x8064A01B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x8063056D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateProcess [0x805824CC]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x8057BA6F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x80587B96]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x80545B50]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x80648E33]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x80619F32]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x8064DD32]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x8064DF63]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x8058E384]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x80627525]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x805738C6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x805B7B07]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x8065AD00]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805666C6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x8056617C]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x806496B7]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x8064964B]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x80574DD5]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x805DA515]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x8058B9EC]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x8057E60A]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x804F0EB6]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x805CBE3D]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x80581818]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x8064A48F]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x8064A72A]
    SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x8062D835]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? \WINDOWS\system32\ntoskrnl.exe kernel module suspicious modification

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\services.exe[596] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .
     
  9. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    part 2....................



    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\lsass.exe[616] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[856] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!ReadFile

    7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx

    7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect

    7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryA

    7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA

    7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress

    7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WriteFile

    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreatePipe

    7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!PeekNamedPipe

    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA

    77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!ReadFile

    7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtectEx

    7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtect

    7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryA

    7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetStartupInfoA

    7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetProcAddress

    7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!WriteFile

    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreatePipe

    7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!PeekNamedPipe

    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA

    77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!ReadFile

    7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!VirtualProtectEx

    7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!VirtualProtect

    7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA

    7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoA

    7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetProcAddress

    7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!WriteFile

    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreatePipe

    7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!PeekNamedPipe

    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA

    77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!ReadFile

    7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtectEx

    7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect

    7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA

    7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoA

    7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress

    7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WriteFile

    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreatePipe

    7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!PeekNamedPipe

    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA

    77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1232] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!ReadFile

    7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx

    7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect

    7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA

    7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA

    7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetProcAddress

    7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WriteFile

    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreatePipe

    7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!PeekNamedPipe

    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA

    77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1316] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!ReadFile

    7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx

    7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect

    7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA

    7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoA

    7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetProcAddress

    7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WriteFile

    7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreatePipe

    7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!PeekNamedPipe

    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA

    77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetReadFile

    3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenA

    3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlA

    3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!select

    71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!socket

    71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!bind

    71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!send

    71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!recv

    71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] kernel32.dll!WinExec

    7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624]

    ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

    (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] msvcrt.dll!system

    77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] msvcrt.dll!_creat

    77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] msvcrt.dll!_read

    77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] msvcrt.dll!_write

    77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1624] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1936] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!PeekNamedPipe
     
  10. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    part 3...........



    7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[2028] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[3220] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    MBR check...............

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00051e3d

    Kernel Drivers (total 122):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8BF5000 \WINDOWS\system32\KDCOM.DLL
    0xF8B05000 \WINDOWS\system32\BOOTVID.dll
    0xF86A6000 ACPI.sys
    0xF8BF7000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF8695000 pci.sys
    0xF86F5000 isapnp.sys
    0xF8705000 ohci1394.sys
    0xF8715000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF8BF9000 intelide.sys
    0xF8975000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8725000 MountMgr.sys
    0xF8676000 ftdisk.sys
    0xF8BFB000 dmload.sys
    0xF8650000 dmio.sys
    0xF897D000 PartMgr.sys
    0xF8735000 VolSnap.sys
    0xF8638000 atapi.sys
    0xF8745000 disk.sys
    0xF8755000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8618000 fltmgr.sys
    0xF8606000 sr.sys
    0xF8BFD000 bsstor.sys
    0xF8985000 PxHelp20.sys
    0xF85EF000 KSecDD.sys
    0xF85DC000 WudfPf.sys
    0xF854F000 Ntfs.sys
    0xF8522000 NDIS.sys
    0xF8508000 Mup.sys
    0xF8765000 agp440.sys
    0xF8795000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF87E5000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF82F2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF82DE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8249000 \SystemRoot\system32\DRIVERS\ltmdmnt.sys
    0xF8ADD000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8AE5000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
    0xF8AED000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF8235000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF87F5000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF8BB5000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF8805000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF8AF5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF8AFD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8825000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8835000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF8212000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF8845000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF899D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF81EE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF81D6000 \SystemRoot\system32\drivers\ac97intc.sys
    0xF81B2000 \SystemRoot\system32\drivers\portcls.sys
    0xF8855000 \SystemRoot\system32\drivers\drmk.sys
    0xF8CD7000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8865000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8BC1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF819B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8875000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8428000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF89A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF818A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8418000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF89BD000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF89C5000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF80BD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF83C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8C1D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF805F000 \SystemRoot\system32\DRIVERS\update.sys
    0xF8BE1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF83A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF89FD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF87A5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8C27000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF8C29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8D43000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8C2B000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8A05000 \SystemRoot\System32\drivers\vga.sys
    0xF8C2D000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8C2F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89CD000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89D5000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8B91000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF6F6D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF6F14000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF8965000 \SystemRoot\system32\drivers\mvstdi5x.sys
    0xF6EEC000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF6ECA000 \SystemRoot\System32\drivers\afd.sys
    0xF88E5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF6E9F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF6E2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF87B5000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF6E09000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF8945000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF8D53000 \SystemRoot\system32\DRIVERS\DMICall.sys
    0xF8905000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF89F5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF88B5000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF6D29000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8C43000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7FFF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A35000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8D6C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xF4A72000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF4910000 \SystemRoot\System32\Drivers\BsUDF.SYS
    0xF488C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF4613000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF8C49000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF4530000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF40C8000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF4790000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3DAF000 \SystemRoot\system32\drivers\naiavf5x.sys
    0xF3D9F000 \??\C:\WINDOWS\system32\drivers\EntDrv51.sys
    0xF8AA5000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xF3CEC000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xF3BBB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF39C1000 \??\C:\DOCUME~1\OWNER~1.WS0\LOCALS~1\Temp\pxtdqpow.sys
    0xF34E6000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 39):
    0 System Idle Process
    4 System
    456 C:\WINDOWS\system32\smss.exe
    520 csrss.exe
    544 C:\WINDOWS\system32\winlogon.exe
    596 C:\WINDOWS\system32\services.exe
    616 C:\WINDOWS\system32\lsass.exe
    856 C:\WINDOWS\system32\svchost.exe
    996 svchost.exe
    1072 C:\Program Files\Windows Defender\MsMpEng.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1232 svchost.exe
    1316 svchost.exe
    1416 C:\WINDOWS\system32\spoolsv.exe
    1508 svchost.exe
    1588 C:\Program Files\Java\jre6\bin\jqs.exe
    1624 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    1764 C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    1784 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    1848 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1880 C:\WINDOWS\system32\nvsvc32.exe
    1896 C:\WINDOWS\system32\HPZipm12.exe
    1936 C:\WINDOWS\system32\svchost.exe
    2028 naPrdMgr.exe
    2524 C:\WINDOWS\system32\wscntfy.exe
    3148 C:\WINDOWS\explorer.exe
    3220 C:\WINDOWS\system32\wuauclt.exe
    3628 C:\Program Files\Windows Defender\MSASCui.exe
    3652 C:\Program Files\Network Associates\VirusScan\shstat.exe
    3688 C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    3728 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    3752 C:\Program Files\ahead\InCD\InCD.exe
    3804 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3900 C:\Program Files\Java\jre6\bin\jusched.exe
    3964 C:\WINDOWS\system32\ctfmon.exe
    4008 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2072 C:\Program Files\Internet Explorer\iexplore.exe
    3056 C:\Documents and Settings\Owner.WS08\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`bc04ba00 (NTFS)
    \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST380020A, Rev: 3.34
    PhysicalDrive1 Model Number: WD2500BB External, Rev: 0108

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
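The MBRCheck log above hashes each disk's boot code and reports "Unknown MBR code" for anything not on its known list. As an added illustration (not code from the thread or from MBRCheck), this Python script performs the same kind of check on a 512-byte MBR: it verifies the 0x55AA boot signature, hashes the boot-code region, looks the hash up in a known-good table seeded with the Windows XP SHA1 from the log, and decodes the partition table so a reported byte offset (C: at 0x7e00, i.e. sector 63) can be cross-checked. The 440-byte hashed region and the sample MBR are assumptions of this example; the page does not state exactly which bytes MBRCheck hashes.

```python
"""Added example: classify a 512-byte MBR as MBRCheck-style output does.
Not MBRCheck's own code; the hashed region and the sample disk are assumptions."""
import hashlib
import struct

# Known-good SHA1 taken from the log above for the Windows XP MBR code.
# Assumption: the hash covers the 440-byte boot-code region that precedes the
# disk signature; the page does not say how MBRCheck delimits the hashed bytes.
KNOWN_MBR_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
}

SECTOR = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
BOOT_SIGNATURE = b"\x55\xAA"


def parse_partitions(mbr):
    """Decode the four 16-byte partition entries; empty entries are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints per volume
            "sectors": sectors,
        })
    return parts


def check_mbr(mbr, known=KNOWN_MBR_SHA1):
    """Return {'status', 'sha1', 'partitions'}: 'invalid' for a bad size or
    missing 0x55AA signature, else the known-good name or 'Unknown MBR code'."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        return {"status": "invalid", "sha1": None, "partitions": []}
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    status = known.get(sha1, "Unknown MBR code")
    return {"status": status, "sha1": sha1, "partitions": parse_partitions(mbr)}


def build_sample_mbr(boot_code, partitions, signature=BOOT_SIGNATURE):
    """Constructed test data: assemble a 512-byte MBR from boot-code bytes and
    (bootable, type, lba_start, sectors) tuples. Not a real disk image."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x00" * 6          # 4-byte disk signature + 2 reserved bytes
    table = b""
    for bootable, ptype, lba_start, sectors in partitions:
        table += struct.pack("<B3xB3xII", 0x80 if bootable else 0, ptype,
                             lba_start, sectors)
    table = table.ljust(64, b"\x00")
    return code + disk_sig + table + signature


if __name__ == "__main__":
    # Constructed sample: one bootable NTFS (0x07) partition starting at
    # sector 63, i.e. byte offset 0x7e00, the value MBRCheck reported for C:.
    sample = build_sample_mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C",
                              [(True, 0x07, 63, 15_000_000)])
    result = check_mbr(sample)
    print(result["status"], result["sha1"])
    for p in result["partitions"]:
        print("partition %d type 0x%02x at offset 0x%x" %
              (p["index"], p["type"], p["byte_offset"]))
```

A boot sector whose hash is absent from the table is reported exactly as the tool did for PhysicalDrive1, which is a prompt to dump and inspect it, not by itself proof of infection.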
     
  12. 2010/08/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about wallpaper issue for now.
    It may fix itself at some point.

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 1 and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
     
  13. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    mbr log........

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00051e3d

    Kernel Drivers (total 122):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8BF5000 \WINDOWS\system32\KDCOM.DLL
    0xF8B05000 \WINDOWS\system32\BOOTVID.dll
    0xF86A6000 ACPI.sys
    0xF8BF7000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF8695000 pci.sys
    0xF86F5000 isapnp.sys
    0xF8705000 ohci1394.sys
    0xF8715000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF8BF9000 intelide.sys
    0xF8975000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8725000 MountMgr.sys
    0xF8676000 ftdisk.sys
    0xF8BFB000 dmload.sys
    0xF8650000 dmio.sys
    0xF897D000 PartMgr.sys
    0xF8735000 VolSnap.sys
    0xF8638000 atapi.sys
    0xF8745000 disk.sys
    0xF8755000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8618000 fltmgr.sys
    0xF8606000 sr.sys
    0xF8BFD000 bsstor.sys
    0xF8985000 PxHelp20.sys
    0xF85EF000 KSecDD.sys
    0xF85DC000 WudfPf.sys
    0xF854F000 Ntfs.sys
    0xF8522000 NDIS.sys
    0xF8508000 Mup.sys
    0xF8765000 agp440.sys
    0xF8795000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF87E5000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF82F2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF82DE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8249000 \SystemRoot\system32\DRIVERS\ltmdmnt.sys
    0xF8ADD000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8AE5000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
    0xF8AED000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF8235000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF87F5000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF8BB5000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF8805000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF8AF5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF8AFD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8825000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8835000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF8212000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF8845000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF899D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF81EE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF81D6000 \SystemRoot\system32\drivers\ac97intc.sys
    0xF81B2000 \SystemRoot\system32\drivers\portcls.sys
    0xF8855000 \SystemRoot\system32\drivers\drmk.sys
    0xF8CD7000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8865000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8BC1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF819B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8875000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8428000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF89A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF818A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8418000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF89BD000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF89C5000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF80BD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF83C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8C1D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF805F000 \SystemRoot\system32\DRIVERS\update.sys
    0xF8BE1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF83A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF89FD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF87A5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8C27000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF8C29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8D43000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8C2B000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8A05000 \SystemRoot\System32\drivers\vga.sys
    0xF8C2D000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8C2F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89CD000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89D5000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8B91000 \SystemRoot\system32\DRIVERS\rasacd.sys

    Processes (total 38):
    0 System Idle Process
    4 System
    456 C:\WINDOWS\system32\smss.exe
    520 csrss.exe
    544 C:\WINDOWS\system32\winlogon.exe
    596 C:\WINDOWS\system32\services.exe
    616 C:\WINDOWS\system32\lsass.exe
    856 C:\WINDOWS\system32\svchost.exe
    996 svchost.exe
    1072 C:\Program Files\Windows Defender\MsMpEng.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1232 svchost.exe
    1316 svchost.exe
    1416 C:\WINDOWS\system32\spoolsv.exe
    1508 svchost.exe
    1588 C:\Program Files\Java\jre6\bin\jqs.exe
    1624 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    1764 C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    1784 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    1848 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1880 C:\WINDOWS\system32\nvsvc32.exe
    1936 C:\WINDOWS\system32\svchost.exe
    2028 naPrdMgr.exe
    2524 C:\WINDOWS\system32\wscntfy.exe
    3148 C:\WINDOWS\explorer.exe
    3220 C:\WINDOWS\system32\wuauclt.exe
    3628 C:\Program Files\Windows Defender\MSASCui.exe
    3652 C:\Program Files\Network Associates\VirusScan\shstat.exe
    3688 C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    3728 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    3752 C:\Program Files\ahead\InCD\InCD.exe
    3804 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3900 C:\Program Files\Java\jre6\bin\jusched.exe
    3964 C:\WINDOWS\system32\ctfmon.exe
    4008 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1112 C:\Program Files\Internet Explorer\iexplore.exe
    3828 C:\Documents and Settings\Owner.WS08\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`bc04ba00 (NTFS)
    \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST380020A, Rev: 3.34
    PhysicalDrive1 Model Number: WD2500BB External, Rev: 0108

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    RE: Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  14. 2010/08/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Then reboot, run MBRCheck again and post new log.
     
  15. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    new log.........

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00051e3d

    Kernel Drivers (total 121):

    Processes (total 41):
    0 System Idle Process
    4 System
    460 C:\WINDOWS\system32\smss.exe
    584 csrss.exe
    608 C:\WINDOWS\system32\winlogon.exe
    652 C:\WINDOWS\system32\services.exe
    664 C:\WINDOWS\system32\lsass.exe
    904 C:\WINDOWS\system32\svchost.exe
    964 svchost.exe
    1028 C:\Program Files\Windows Defender\MsMpEng.exe
    1072 C:\WINDOWS\system32\svchost.exe
    1112 C:\WINDOWS\system32\svchost.exe
    1172 svchost.exe
    1268 svchost.exe
    1380 C:\WINDOWS\system32\spoolsv.exe
    1472 svchost.exe
    1548 C:\Program Files\Java\jre6\bin\jqs.exe
    1584 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    1612 C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    1724 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    1792 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1836 C:\WINDOWS\system32\nvsvc32.exe
    1848 C:\WINDOWS\system32\HPZipm12.exe
    1884 C:\WINDOWS\system32\svchost.exe
    1976 naPrdMgr.exe
    1180 C:\WINDOWS\system32\wuauclt.exe
    2644 alg.exe
    3000 C:\WINDOWS\system32\wscntfy.exe
    3140 C:\WINDOWS\explorer.exe
    3324 C:\WINDOWS\system32\wuauclt.exe
    3656 C:\Program Files\Windows Defender\MSASCui.exe
    3692 C:\Program Files\Network Associates\VirusScan\shstat.exe
    3716 C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    3768 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    3780 C:\Program Files\ahead\InCD\InCD.exe
    3900 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3984 C:\Program Files\Java\jre6\bin\jusched.exe
    3992 C:\WINDOWS\system32\ctfmon.exe
    4016 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    288 C:\Documents and Settings\Owner.WS08\Desktop\MBRCheck.exe
    344 C:\Program Files\Internet Explorer\iexplore.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`bc04ba00 (NTFS)
    \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST380020A, Rev: 3.34
    PhysicalDrive1 Model Number: WD2500BB External, Rev: 0108

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    RE: Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  16. 2010/08/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, I see....232 GB is an external drive, correct?


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2010/08/19
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    yes... external drive
     
  18. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on with Combofix.
     
  19. 2010/08/20
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    ComboFix 10-08-18.04 - dadams 08/20/2010 1:18.1.1 - x86
    Running from: c:\documents and settings\Owner.WS08\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.WINDOWS\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Owner.WS08\g2mdlhlpx.exe
    c:\windows\system32\.log
    L:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
    .

    2010-08-18 15:00 . 2010-08-18 15:00 -------- d-----w- c:\documents and settings\Owner.WS08\Application Data\Malwarebytes
    2010-08-18 14:56 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-18 14:55 . 2010-08-18 14:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-08-18 14:55 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-18 14:55 . 2010-08-18 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-17 04:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-17 04:12 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-17 04:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-15 06:14 . 2010-08-15 06:14 152576 ----a-w- c:\documents and settings\Owner.WS08\Application Data\Sun\Java\jre1.6.0_21\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-19 02:57 . 2007-01-24 17:50 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:15 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:15 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2007-01-22 19:08 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2001-12-15 02:56 . 2001-12-15 02:56 17408 -csha-w- c:\program files\Thumbs.db
    .

    ------- Sigcheck -------

    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [7] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" [X]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
    "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "InCD"="c:\program files\ahead\InCD\InCD.exe" [2001-12-05 868352]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [12/27/2007 1:53 PM 8040]
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/26/2007 1:14 PM 58048]
    R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [12/27/2007 1:53 PM 299904]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-20 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-20 01:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(664)
    c:\windows\system32\EntApi.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-08-20 01:35:13
    ComboFix-quarantined-files.txt 2010-08-20 05:34

    Pre-Run: 163,713,024 bytes free
    Post-Run: 529,457,152 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

    - - End Of File - - 42A2A7459D93D88D8DF573FA6A970A5E
     
  20. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll
    c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll | c:\windows\system32\dllcache\mspmsnsv.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
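    The FCopy:: lines above come straight from the Sigcheck section of the ComboFix log: the two copies marked "[-]" are replaced by the backup marked "[7]". As an added example (not part of the thread and not ComboFix's own code), the Python below parses such a Sigcheck section and generates those lines, treating "[7]" as the trusted reference and "[-]" as suspect (an assumption about the notation, which the page does not define), and flags that the restore here is also a version change (11.0.5721.5145 down to 9.0.1.56).

```python
import hashlib
import re

# Constructed sample mirroring the "------- Sigcheck -------" section of the ComboFix
# log posted in this thread (same hashes, sizes, versions and paths as on the page).
SIGCHECK_LOG = """\
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\\windows\\system32\\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\\windows\\system32\\dllcache\\mspmsnsv.dll
[7] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\\windows\\$NtUninstallWMFDist11$\\mspmsnsv.dll
"""

# Assumption (the page does not define the markers): "[-]" is a copy ComboFix could not
# verify, "[7]" is the copy the moderator used as the trusted source for FCopy.
SUSPECT_FLAG = "-"
REFERENCE_FLAG = "7"

# One Sigcheck line: [flag] date . md5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; raise on a line that does not fit the layout."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable Sigcheck line: {line!r}")
        entries.append(m.groupdict())
    return entries


def file_name(win_path):
    """Last component of a Windows path, lower-cased, used to pair copies of one file."""
    return win_path.rsplit("\\", 1)[-1].lower()


def build_fcopy_script(entries):
    """Emit an FCopy:: block restoring each suspect copy from its reference copy.

    Returns (script_text, notes). Notes flag what a human should check before running
    it: no single reference copy, a suspect already matching the reference hash, or a
    restore that is also a version change (as it is in this thread: 11.x -> 9.0.1.56).
    """
    by_name = {}
    for e in entries:
        by_name.setdefault(file_name(e["path"]), []).append(e)
    copy_lines, notes = [], []
    for name, group in by_name.items():
        refs = [e for e in group if e["flag"] == REFERENCE_FLAG]
        suspects = [e for e in group if e["flag"] == SUSPECT_FLAG]
        if not suspects:
            continue
        if len(refs) != 1:
            notes.append(f"{name}: {len(refs)} reference copies, need exactly 1; skipped")
            continue
        ref = refs[0]
        for s in suspects:
            if s["md5"].upper() == ref["md5"].upper():
                notes.append(f"{s['path']}: already matches the reference hash; skipped")
                continue
            if s["version"] != ref["version"]:
                notes.append(f"{s['path']}: restore changes version {s['version']} -> {ref['version']}")
            copy_lines.append(f"{ref['path']} | {s['path']}")
    script = "FCopy::\n" + "\n".join(copy_lines) + "\n" if copy_lines else ""
    return script, notes


def md5_hex(data):
    """Upper-case MD5 in the form Sigcheck prints, to re-check a file after the restore."""
    return hashlib.md5(data).hexdigest().upper()
```

    After ComboFix runs the script, hashing the restored files with md5_hex and comparing against the "[7]" line's hash confirms the copy took effect.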
     
  21. 2010/08/21
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    doing the above now...........
     
