Popups, Mbam.exe deleted, Anti virus websites "cannot be displayed": Please help!
As the title states, mbam.exe is deleted from my hard drive even when I newly install Malwarebytes, I'm getting many popups, and every antivirus website "cannot be displayed". I will put up my HijackThis file. Thank you so much for the help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:11 PM, on 10/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE
C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE
C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files\Hewlett-Packard\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [gayamoyak] Rundll32.exe "c:\windows\system32\lupuwufe.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://hansononline/hbma/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171470851375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://usirapp01.hanson-america.net:...or/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\Software\..\Telephony: DomainName = grouphc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grouphc.net
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll c:\windows\system32\lupuwufe.dll,dukazewe.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O21 - SSODL: zetafogig - {ac55fe80-304d-4b4b-ae1a-878ce1f78584} - c:\windows\system32\lupuwufe.dll
O22 - SharedTaskScheduler: mujuzedij - {ac55fe80-304d-4b4b-ae1a-878ce1f78584} - c:\windows\system32\lupuwufe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 13508 bytes
#2 29 Days Ago
Please download ComboFix by sUBs from HERE or HERE
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix.
#4 27 Days Ago
While you are waiting for crunchie to check back, please give this a go:
Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php
-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO
-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)
-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.
***Disconnect from the internet and do not run any other programs while GMER is scanning. DO NOT take any action for any found items until either crunchie or I can have a look.
PP
Last edited by PhilliePhan; 27 Days Ago at 11:39 pm.
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
#5 27 Days Ago
Okay so here's the GMER Log. I actually had to go through vtunnel to access this file. The page was "not found" otherwise.
Anyways, here's the log. I really appreciate the help.
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 21:55:01
Windows 5.1.2600 Service Pack 2
Running: zf8b769y.exe; Driver: C:\DOCUME~1\BCHODK~1.HAN\LOCALS~1\Temp\pfroruog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA72206D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA6FBF57B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA6FBF4FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA6FBF5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA6FBF50F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA6FBF53B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA6FBF5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA6FBF4E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA6FBF58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA6FBF525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA6FBF551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA6FBF567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA6FBF5E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA6FBF5B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80503FE8 7 Bytes JMP A6FBF5BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP A6FBF57F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP A6FBF5D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP A6FBF5E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E5E 7 Bytes JMP A6FBF593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFAE0 5 Bytes JMP A6FBF5A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1232 5 Bytes JMP A6FBF56B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806207D0 7 Bytes JMP A6FBF555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621B36 7 Bytes JMP A6FBF529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80622110 5 Bytes JMP A6FBF4FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 806225A0 7 Bytes JMP A6FBF513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622770 7 Bytes JMP A6FBF53F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806234A6 5 Bytes JMP A6FBF4EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00830F63
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00830F7E
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830F9B
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00830058
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083003D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00830F48
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0083008E
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00830F2D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008300BC
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008300D7
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00830FC0
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00830000
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0083007D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0083002C
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00830011
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008300AB
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00720FCA
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00720FA5
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00720FEF
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0072006C
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00720051
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00720040
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710040
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710FB5
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710FC6
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710000
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0071001B
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FE3
.text C:\WINDOWS\system32\svchost.exe[204] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00700FDB
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00700FCA
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00700011
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E0078
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F83
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0040
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0F3C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F57
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E00BA
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00A9
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00CB
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F72
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FB9
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F2B
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D0080
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0040
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D001B
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D0FB9
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0051
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0F9C
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0FB7
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0FD2
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0027
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C000C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0F5E
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE0F79
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE0F8A
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE003D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0FB6
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE0F30
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE0078
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE00AE
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0093
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BE0EFA
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BE0F9B
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BE0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BE0F4D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BE0022
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BE0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BE0F1F
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BD0022
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BD0F9B
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BD0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BD0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BD0FB6
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BD0058
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BD0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BD003D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FD2
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC005D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FE3
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0042
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC001D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40F81
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F40076
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40FA8
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40065
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F55
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F66
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F400DA
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F400C9
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F400F5
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F40025
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F40091
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F400B8
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00044
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00033
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A00018
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A1006C
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A1005B
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10FAF
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\services.exe[1364] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40060
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F4004F
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40F75
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40F86
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40FBC
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F18
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F35
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F40EEC
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F40085
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F40EDB
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F40FA1
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F40014
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F40F50
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F40FCD
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F40F07
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F30084
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F30025
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F30073
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F30062
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F30051
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20051
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FC6
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD7
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F2002C
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20011
.text C:\WINDOWS\system32\lsass.exe[1376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F10000
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70087
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F7006C
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F70051
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F7002F
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F70F66
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F700A2
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F70F55
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F700EE
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F70109
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F70040
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F70FDE
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F70F81
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F70FC3
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F70014
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F700D3
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DD002F
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DD006C
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DD0014
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DD005B
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DD004A
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC004C
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0031
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC0FC1
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0016
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0FD2
.text C:\WINDOWS\System32\svchost.exe[1540] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00850000
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00850F72
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00850F83
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00850F94
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00850FA5
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00850FC0
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00850F30
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00850082
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008500B8
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0085009D
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00850EFA
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00850047
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00850011
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00850F57
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00850FD1
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00850022
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00850F1F
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00840011
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00840F6C
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00840FC0
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00840FDB
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00840033
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00840F9B
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00840022
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00830F9C
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00830027
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00830FC1
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00830FE3
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00830016
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00830FD2
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E008C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F97
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0065
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E00A7
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F6B
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0F29
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00C2
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00E7
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E004A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F7C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E0025
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F44
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D004A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0FDE
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D002F
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0F8D
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0066
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0055
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C003A
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C000C
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0029
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008B0FE5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E00000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E00F8D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E00082
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E00FA8
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E00065
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E00FCD
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E00F4B
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E0009D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E000B8
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E00F1F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E000D3
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E00054
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E00FEF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E00F72
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E0002F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E00FDE
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E00F30
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DF002C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DF0FA5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DF001B
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DF0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DF0062
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DF0FC0
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DF0FEF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DF0047
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0067
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE004C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FD2
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0027
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FE3
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1860] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 01C1538E
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02110000
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0211007D
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02110062
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02110047
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02110F94
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02110FC0
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02110F52
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0211008E
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 021100D0
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02110F37
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02110F1C
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02110FA5
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02110011
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02110F6D
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02110FDB
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 7C85FC74 3 Bytes JMP 0211002C
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA + 4 7C85FC78 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 021100B5
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02100022
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0210005F
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02100FDB
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02100011
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0210004E
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0210003D
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02100000
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02100FB6
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 020F0016
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!system 77C293C7 5 Bytes JMP 020F0F8B
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 020F0FC1
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 020F0FE3
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 020F0FA6
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 020F0FD2
.text C:\WINDOWS\System32\svchost.exe[1860] NETAPI32.dll!NetpwPathCanonicalize 5B86A101 5 Bytes JMP 01C1532E
.text C:\WINDOWS\System32\svchost.exe[1860] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CA0000
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 01CB000A
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 01CB0FEF
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 01CB0FD4
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 01CB0025
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0095538E
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A2007D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20F88
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20062
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20FA5
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A2003D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A200B5
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A200A4
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20F30
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A20F41
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A20F15
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A20FB6
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A20F6D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A20011
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A20F52
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009F0FB9
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F94
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FAF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0029
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0018
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 009D0011
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlA 771C5A72 3 Bytes JMP 009D0022
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlA + 4 771C5A76 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 009D0FC5
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F41
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F0B
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0093
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0078
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00AE
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F26
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0014
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FCD
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0EFA
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0028002C
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!system 77C293C7 5 Bytes JMP 00280FA1
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00280FCD
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280FEF
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280FB2
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FDE
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290FA1
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FB2
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 003C0FDB
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 003C0000
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 003C0FBE
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 003C0011
.text C:\WINDOWS\Explorer.EXE[3328] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01770000
Anyways, here's the log. I really appreciate the help.
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 21:55:01
Windows 5.1.2600 Service Pack 2
Running: zf8b769y.exe; Driver: C:\DOCUME~1\BCHODK~1.HAN\LOCALS~1\Temp\pfroruog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA72206D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA6FBF57B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA6FBF4FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA6FBF5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA6FBF50F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA6FBF53B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA6FBF5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA6FBF4E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA6FBF58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA6FBF525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA6FBF551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA6FBF567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA6FBF5E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA6FBF5B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80503FE8 7 Bytes JMP A6FBF5BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP A6FBF57F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP A6FBF5D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP A6FBF5E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E5E 7 Bytes JMP A6FBF593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFAE0 5 Bytes JMP A6FBF5A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1232 5 Bytes JMP A6FBF56B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806207D0 7 Bytes JMP A6FBF555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621B36 7 Bytes JMP A6FBF529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80622110 5 Bytes JMP A6FBF4FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 806225A0 7 Bytes JMP A6FBF513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622770 7 Bytes JMP A6FBF53F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806234A6 5 Bytes JMP A6FBF4EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00830F63
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00830F7E
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830F9B
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00830058
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083003D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00830F48
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0083008E
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00830F2D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008300BC
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008300D7
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00830FC0
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00830000
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0083007D
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0083002C
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00830011
.text C:\WINDOWS\system32\svchost.exe[204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008300AB
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00720FCA
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00720FA5
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00720FEF
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0072006C
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00720051
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\svchost.exe[204] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00720040
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710040
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710FB5
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710FC6
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710000
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0071001B
.text C:\WINDOWS\system32\svchost.exe[204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FE3
.text C:\WINDOWS\system32\svchost.exe[204] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00700FDB
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00700FCA
.text C:\WINDOWS\system32\svchost.exe[204] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00700011
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E0078
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F83
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0040
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0F3C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F57
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E00BA
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00A9
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00CB
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F72
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FB9
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F2B
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D0080
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0040
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D001B
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D0FB9
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0051
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0F9C
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0FB7
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0FD2
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0027
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C000C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0F5E
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE0F79
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE0F8A
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE003D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0FB6
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE0F30
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE0078
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE00AE
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0093
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BE0EFA
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BE0F9B
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BE0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BE0F4D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BE0022
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BE0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BE0F1F
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BD0022
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BD0F9B
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BD0FDB
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BD0011
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BD0FB6
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BD0058
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BD0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BD003D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FD2
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC005D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FE3
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0000
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0042
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC001D
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[968] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40F81
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F40076
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40FA8
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40065
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F55
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F66
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F400DA
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F400C9
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F400F5
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F40025
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F40091
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\services.exe[1364] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F400B8
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00044
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00033
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A00018
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\system32\services.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A1006C
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A1005B
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10FAF
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\services.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\services.exe[1364] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40060
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F4004F
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40F75
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40F86
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40FBC
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F18
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F35
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F40EEC
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F40085
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F40EDB
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F40FA1
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F40014
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F40F50
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F40FCD
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\lsass.exe[1376] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F40F07
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F30084
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F30025
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F30073
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F30062
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\lsass.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F30051
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20051
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FC6
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD7
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F2002C
.text C:\WINDOWS\system32\lsass.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20011
.text C:\WINDOWS\system32\lsass.exe[1376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F10000
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70087
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F7006C
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F70051
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F7002F
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F70F66
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F700A2
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F70F55
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F700EE
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F70109
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F70040
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F70FDE
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F70F81
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F70FC3
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F70014
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F700D3
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DD002F
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DD006C
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DD0014
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DD005B
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DD004A
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC004C
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0031
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC0FC1
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0016
.text C:\WINDOWS\System32\svchost.exe[1540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0FD2
.text C:\WINDOWS\System32\svchost.exe[1540] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1540] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00850000
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00850F72
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00850F83
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00850F94
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00850FA5
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00850FC0
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00850F30
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00850082
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008500B8
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0085009D
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00850EFA
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00850047
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00850011
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00850F57
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00850FD1
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00850022
.text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00850F1F
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00840011
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00840F6C
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00840FC0
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00840FDB
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00840033
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00840F9B
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1568] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00840022
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00830F9C
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00830027
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00830FC1
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00830FE3
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00830016
.text C:\WINDOWS\system32\svchost.exe[1568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00830FD2
.text C:\WINDOWS\system32\svchost.exe[1568] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E008C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F97
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0065
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E00A7
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F6B
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0F29
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00C2
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E00E7
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E004A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E0F7C
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E0025
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F44
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FC3
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D004A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0FDE
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D002F
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0F8D
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0FA8
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0066
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0055
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C003A
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C000C
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0029
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008B0FE5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E00000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E00F8D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E00082
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E00FA8
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E00065
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E00FCD
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E00F4B
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E0009D
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E000B8
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E00F1F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E000D3
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E00054
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E00FEF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E00F72
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E0002F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E00FDE
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E00F30
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DF002C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DF0FA5
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DF001B
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DF0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DF0062
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DF0FC0
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DF0FEF
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DF0047
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0067
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE004C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FD2
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0000
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0027
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FE3
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1724] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1860] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 01C1538E
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02110000
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0211007D
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02110062
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02110047
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02110F94
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02110FC0
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02110F52
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0211008E
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 021100D0
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02110F37
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02110F1C
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02110FA5
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02110011
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02110F6D
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02110FDB
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 7C85FC74 3 Bytes JMP 0211002C
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA + 4 7C85FC78 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1860] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 021100B5
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02100022
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0210005F
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02100FDB
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02100011
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0210004E
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0210003D
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02100000
.text C:\WINDOWS\System32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02100FB6
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 020F0016
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!system 77C293C7 5 Bytes JMP 020F0F8B
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 020F0FC1
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 020F0FE3
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 020F0FA6
.text C:\WINDOWS\System32\svchost.exe[1860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 020F0FD2
.text C:\WINDOWS\System32\svchost.exe[1860] NETAPI32.dll!NetpwPathCanonicalize 5B86A101 5 Bytes JMP 01C1532E
.text C:\WINDOWS\System32\svchost.exe[1860] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CA0000
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 01CB000A
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 01CB0FEF
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 01CB0FD4
.text C:\WINDOWS\System32\svchost.exe[1860] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 01CB0025
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0095538E
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A2007D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20F88
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20062
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20FA5
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A2003D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A200B5
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A200A4
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20F30
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A20F41
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A20F15
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A20FB6
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A20F6D
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A20011
.text C:\WINDOWS\system32\svchost.exe[2044] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A20F52
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[2044] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009F0FB9
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F94
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FAF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0029
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[2044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0018
.text C:\WINDOWS\system32\svchost.exe[2044] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 009D0011
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlA 771C5A72 3 Bytes JMP 009D0022
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlA + 4 771C5A76 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[2044] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 009D0FC5
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F41
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F0B
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0093
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0078
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00AE
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F26
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0014
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FCD
.text C:\WINDOWS\Explorer.EXE[3328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0EFA
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0028002C
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!system 77C293C7 5 Bytes JMP 00280FA1
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00280FCD
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280FEF
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280FB2
.text C:\WINDOWS\Explorer.EXE[3328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FDE
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290FA1
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FB2
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 003C0FDB
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 003C0000
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 003C0FBE
.text C:\WINDOWS\Explorer.EXE[3328] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 003C0011
.text C:\WINDOWS\Explorer.EXE[3328] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01770000
#6 27 Days Ago
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe[172] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HPQ\IAM\bin\asghost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00892F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00892CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00892D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00892CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00962F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00962CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00962D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00962CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] Wmdmprov <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\APSHook.dll
---- EOF - GMER 1.0.15 ----
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\AGRSMMSG.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00892F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00892CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00892D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[1748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00892CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe[2296] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00962F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00962CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00962D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Citrix\ICA Client\ssonsvr.exe[3116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00962CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hphmon05.exe[3348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[3816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Network Associates\Common Framework\McTray.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\logitech\quickcam\lu\lulnchr.exe[4964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\lulnchr.exe[5032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\logitech\lu\LogitechUpdate.exe[5096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\bchodkowski.HANSON-AMERICA\Desktop\zf8b769y.exe[6016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] Wmdmprov <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\APSHook.dll
---- EOF - GMER 1.0.15 ----
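Added example, not part of the original post and not GMER's own code: a Python triage helper that pulls every service GMER marks as hidden out of a log in the layout above and joins it with the Registry section, so the ServiceDll each one loads is listed per control set. The function names are hypothetical, the embedded sample is a shortened excerpt of the log above, and registry value names are assumed to contain no spaces.

```python
import re
from collections import defaultdict

# Shortened excerpt of the GMER 1.0.15 log above, embedded so the example runs offline.
SAMPLE_LOG = r"""---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] Wmdmprov <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@DisplayName iyglu
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Wmdmprov\Parameters@ServiceDll C:\WINDOWS\system32\qctqykkn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\APSHook.dll
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
SVC_KEY_RE = re.compile(
    r"\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\Services\\"
    r"(?P<svc>[^\\]+)(?:\\(?P<sub>.+))?$",
    re.IGNORECASE,
)
SERVICE_DLL = r"Parameters\ServiceDll"


def parse_gmer(text):
    """Return (hidden_services, registry) parsed from a GMER text log.

    hidden_services: service name -> host image path
    registry: lowercased service name -> control set -> value path -> data
    """
    hidden = {}
    registry = defaultdict(lambda: defaultdict(dict))
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "Services":
            svc = SERVICE_RE.match(line)
            if svc and "hidden" in svc.group("flags"):
                hidden[svc.group("name")] = svc.group("image")
        elif section == "Registry" and line.startswith("Reg ") and "@" in line:
            # Layout: Reg <key>@<value name> <data>; lines without "@" are bare keys.
            key, _, rest = line[4:].partition("@")
            value, _, data = rest.partition(" ")
            hit = SVC_KEY_RE.search(key.strip())
            if hit:
                sub = hit.group("sub")
                path = value if not sub else sub + "\\" + value
                registry[hit.group("svc").lower()][hit.group("cs")][path] = data.strip()
    return hidden, registry


def triage(text):
    """One finding per hidden service, joined with its registry configuration."""
    hidden, registry = parse_gmer(text)
    findings = []
    for name, image in sorted(hidden.items()):
        per_cs = registry.get(name.lower(), {})
        dlls = sorted({vals[SERVICE_DLL] for vals in per_cs.values() if SERVICE_DLL in vals})
        groups = set()
        for vals in per_cs.values():
            grp = re.search(r"-k\s+(\S+)", vals.get("ImagePath", ""))
            if grp:
                groups.add(grp.group(1))
        findings.append({
            "name": name,
            "image": image,
            "service_dlls": dlls,
            "svchost_groups": sorted(groups),
            "control_sets": sorted(per_cs),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"hidden service {f['name']} hosted by {f['image']}")
        print(f"  svchost group(s): {', '.join(f['svchost_groups']) or 'n/a'}")
        print(f"  ServiceDll:       {', '.join(f['service_dlls']) or 'not listed'}")
        print(f"  control sets:     {', '.join(f['control_sets'])}")
```

The DLL paths it reports are the files to hash, quarantine and check against a clean baseline; an entry that appears in a non-active control set as well will come back if the system is rolled back to that configuration.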
0
#7 27 Days Ago
And also I just ran across...
It let me reach security sites, and am now scanning from trendmicro! Is my issue solved?
The log looks good, but the symptoms are very similar to those caused by the Conficker virus. You can restore access to security web sites on an infected machine by taking the following steps:
1. Click Start > Run.
2. In the Run box, type the following: cmd
3. Click OK.
4. Type the following and then press Enter. cd..
5. Repeat the previous step until you get to the root level, or C:\>. Note that if your root drive is not C, the letter will be different.
6. At C:\> type the following: net stop dnscache
7. Press Enter. This disables the domain blocking feature of Conficker and you should now be able to reach security Web sites.
0
#8 27 Days Ago
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
0
#9 26 Days Ago
Unfortunately, I have had absolutely nothing to do with Gmer other than look through a few logs in passing, so I will get you to try running combofix a different way to try and get it to run through.
PhilliePhan, is there a good tutorial around for Gmer?
==
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
- Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.
"%userprofile%\desktop\ComboFix.exe" /KillAll
- Click OK and this will start ComboFix.
- When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.
Do not mouse-click combofix's window while it is running. That may cause it to stall.
* Re-enable all the programs that were disabled prior to the running of ComboFix.
* Post the following logs/Reports:
- ComboFix.txt
- Fresh HijackThis log run after all the other tools have performed their cleanup.
0
#10 26 Days Ago
The scan was successful! Here is the Combofix Log, followed by a fresh HJT log.
ComboFix 09-10-27.08 - bchodkowski 10/28/2009 17:16.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1672 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\desktop\combofix.exe
Command switches used :: /KillAll
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\LOG10.tmp
C:\LOG12.tmp
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\bewijeze(2).dll
c:\windows\system32\boponase.dll.tmp
c:\windows\system32\diveredi.dll.tmp
c:\windows\system32\logon.exe
c:\windows\system32\lupuwufe(2).dll
c:\windows\system32\mefupojo(2).dll
c:\windows\system32\riyudegi.dll.tmp
c:\windows\system32\tomuzipu(2).dll
----- BITS: Possible infected sites -----
hxxp://namsgirvg050.grouphc.net:8530
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 03:39 . 2009-10-28 03:36 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 03:36 . 2009-10-28 03:41 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\.housecall6.6
2009-10-27 03:59 . 2009-10-27 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-27 03:56 . 2009-10-27 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 03:53 . 2009-10-27 03:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-26 04:42 . 2009-10-27 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-10-12 18:13 . 2009-10-28 22:15 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-12 05:27 . 2009-10-12 05:27 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:28 . 2009-10-12 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-12 04:27 . 2009-10-12 04:27 -------- d-----w- c:\program files\Common Files\iS3
2009-10-12 04:27 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 04:30 . 2008-02-13 21:31 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-09-24 02:37 . 2009-09-24 02:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Walgreens
2009-09-24 02:31 . 2009-09-24 02:31 -------- d-----w- c:\program files\Walgreens
2009-09-21 02:47 . 2009-09-21 02:47 -------- d-----w- c:\program files\ICCup
2009-09-14 03:26 . 2009-09-03 03:13 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Skype
2009-09-14 03:26 . 2009-09-03 03:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\skypePM
2009-09-10 02:31 . 2009-09-10 02:31 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-09-10 02:31 . 2009-09-10 02:26 -------- d-----w- c:\program files\Logitech
2009-09-10 02:31 . 2007-02-14 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 02:29 . 2009-08-27 01:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-10 02:17 . 2009-08-27 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-09-10 02:12 . 2009-09-03 03:12 -------- d-----r- c:\program files\Skype
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Common Files\Skype
2009-09-10 02:11 . 2009-09-03 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-09 21:46 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\AIM6
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\Viewpoint
2009-09-03 03:17 . 2009-09-03 03:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-30 01:18 . 2009-08-30 01:18 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-03 18:36 . 2009-09-09 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-09 03:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:56 PM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files\Hewlett-Packard\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://hansononline/hbma/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171470851375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://usirapp01.hanson-america.net:...or/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\Software\..\Telephony: DomainName = grouphc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grouphc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grouphc.net
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 12183 bytes
Last edited by iceicle1324; 26 Days Ago at 7:41 pm.