Page 6 of 9, results 51 to 60 of 89

Thread: Please Help !!!!!

  1. #51
    Member
    Join Date
    Oct 2007
    Posts
    63

    nishikamae

    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00710429
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01B50FEF
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01B50F69
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01B50F7A
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01B50054
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01B50F97
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01B50FB2
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01B50F3D
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01B50F4E
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01B500CC
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01B500BB
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 01B500DD
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 01B50039
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01B50FDE
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 01B50079
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 01B5001E
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 01B50FCD
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 01B500AA
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01B40FAF
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01B40F8A
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01B40FCA
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01B40000
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01B40051
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01B40036
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01B40FE5
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01B4001B
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01B1000A
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00710536
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!send 71AB428A 5 Bytes JMP 007105E0
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00710553
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01B20FEF
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01B20FD4
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01B20FC3
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01B20014
    .text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00690429
    .text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00690536
    .text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] WS2_32.dll!send 71AB428A 5 Bytes JMP 006905E0
    .text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00690553
    .text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00700429
    .text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00700536
    .text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] WS2_32.dll!send 71AB428A 5 Bytes JMP 007005E0
    .text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00700553
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00710429
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateFileA 7C801A24 3 Bytes JMP 010C0000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateFileA + 4 7C801A28 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 1 Byte [ E9 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtectEx + 2 7C801A5F 1 Byte [ F4 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtectEx + 4 7C801A61 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 3 Bytes JMP 010C0F72
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtect + 4 7C801AD4 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010C004C
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryExA 7C801D4F 3 Bytes JMP 010C0F83
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryExA + 4 7C801D53 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryA 7C801D77 3 Bytes JMP 010C0FB9
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryA + 4 7C801D7B 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetStartupInfoW 7C801E50 3 Bytes JMP 010C0F35
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetStartupInfoW + 4 7C801E54 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 010C007D
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessW 7C802332 3 Bytes JMP 010C00BA
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessW + 4 7C802336 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessA 7C802367 3 Bytes JMP 010C00A9
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessA + 4 7C80236B 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetProcAddress 7C80ADC0 3 Bytes JMP 010C0F06
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetProcAddress + 4 7C80ADC4 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryW 7C80AE6B 3 Bytes JMP 010C0F9E
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryW + 4 7C80AE6F 1 Byte [ 84 ]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 010C001B
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 010C0F50
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 010C0FCA
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 010C0FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 010C008E
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 010B0036
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 010B0062
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 010B0025
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 010B0FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 010B0FA5
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 010B0FC0

  2. #52
    nishikamae

    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 010B000A
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 010B0047
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01080000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00710536
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!send 71AB428A 5 Bytes JMP 007105E0
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00710553
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 0109000A
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01090FE5
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01090FD4
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01090025
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009C0429
    .text C:\WINDOWS\system32\nvsvc32.exe[1940] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00720429
    .text C:\WINDOWS\system32\nvsvc32.exe[1940] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00720536
    .text C:\WINDOWS\system32\nvsvc32.exe[1940] WS2_32.dll!send 71AB428A 5 Bytes JMP 007205E0
    .text C:\WINDOWS\system32\nvsvc32.exe[1940] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00720553
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1976] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009A0429
    .text C:\WINDOWS\System32\alg.exe[2088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005B0429
    .text C:\WINDOWS\System32\alg.exe[2088] WS2_32.dll!connect 71AB406A 5 Bytes JMP 005B0536
    .text C:\WINDOWS\System32\alg.exe[2088] WS2_32.dll!send 71AB428A 5 Bytes JMP 005B05E0
    .text C:\WINDOWS\System32\alg.exe[2088] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 005B0553
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00690429
    .text C:\Program Files\iTunes\iTunes.exe[2924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429
    .text C:\Program Files\iTunes\iTunes.exe[2924] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003B0536
    .text C:\Program Files\iTunes\iTunes.exe[2924] WS2_32.dll!send 71AB428A 5 Bytes JMP 003B05E0
    .text C:\Program Files\iTunes\iTunes.exe[2924] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003B0553
    .text C:\WINDOWS\Explorer.EXE[3148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00990429
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0087
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A006C
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F92
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FAF
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FC0
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0098
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F50
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00D8
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F35
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 001A0F1A
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 001A0051
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 001A001B
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 001A0F77
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 001A002C
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 001A0FDB
    .text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 001A00B3
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FC3
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0029005E
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029000A
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FDE
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FA1
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290043
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB2
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 002C0FEF
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 002C0FDE
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 002C000A
    .text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 002C0FB9
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 015B0000
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00990536
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!send 71AB428A 5 Bytes JMP 009905E0
    .text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00990553
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00880429
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0082
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F97
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0FA8
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FB9
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0047
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F68
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B00B0
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00D2
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F39
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 001B00ED
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 001B0FCA
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 001B0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 001B0093
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 001B0036
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 001B0025
    .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 001B00C1
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002B002C
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002B0F91
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002B001B
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002B004E
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002B0FAC
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002B000A
    .text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002B003D
    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3516] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00890429
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[3552] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009A0429
    .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429
    .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003B0536
    .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] WS2_32.dll!send 71AB428A 5 Bytes JMP 003B05E0
    .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003B0553
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003A0429
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A20429
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FE5
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250058
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250F63
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250F7E
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250047
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FA5
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F1A
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F35
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250087
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00250EEE
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00250ED3
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00250036
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateFileW 7C810780 5 Bytes JMP 00250FCA

  3. #53
    nishikamae

    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00250F52
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 0025001B
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00250000
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!WinExec 7C8615B5 5 Bytes JMP 00250F09
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 003A0FC7
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 003A0F80
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 003A0022
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 003A0011
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 003A0F91
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 003A0FAC
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 003A0000
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 003A0033
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01CB0FE5
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01CB0FD4
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01CB0FB9
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01CB0FA8
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 01CE0FEF
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00A20536
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ws2_32.dll!send 71AB428A 5 Bytes JMP 00A205E0
    .text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ws2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00A20553
    .text C:\Program Files\QuickTime\QTTask.exe[3664] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009C0429
    .text C:\Program Files\iTunes\iTunesHelper.exe[3676] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429
    .text C:\Program Files\iTunes\iTunesHelper.exe[3676] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003C0536
    .text C:\Program Files\iTunes\iTunesHelper.exe[3676] WS2_32.dll!send 71AB428A 5 Bytes JMP 003C05E0
    .text C:\Program Files\iTunes\iTunesHelper.exe[3676] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003C0553
    .text C:\Program Files\McAfee\Common Framework\McTray.exe[3704] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00990429
    .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[3740] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003A0429
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3780] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003A0429
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3780] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003A0536
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3780] WS2_32.dll!send 71AB428A 5 Bytes JMP 003A05E0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3780] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003A0553
    .text C:\WINDOWS\system32\ctfmon.exe[3868] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00860429
    .text C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[3892] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E80429
    .text C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[3892] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E80536
    .text C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[3892] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E805E0
    .text C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[3892] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00E80553
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3928] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D0429
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3928] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003D0536
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3928] WS2_32.dll!send 71AB428A 5 Bytes JMP 003D05E0
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3928] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003D0553
    .text C:\Program Files\ViOrb\ViOrb.exe[3980] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009A0429
    .text C:\Program Files\ViStart\ViStart.exe[3992] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003A0429

    ---- User IAT/EAT - GMER 1.0.13 ----

    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
    IAT C:\WINDOWS\Explorer.EXE[3148] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll

  4. #54
    nishikamae

    ---- Devices - GMER 1.0.13 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 83B60908

    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B8DDB0D1] mfehidk.sys

    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8354E830

    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F7885AD0] mfetdik.sys

    ---- Modules - GMER 1.0.13 ----

    Module _________ F763F000-F7657000 (98304 bytes)

    ---- EOF - GMER 1.0.13 ----
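Reading a GMER log like the one above is mostly a grouping exercise: every IRP_MJ_* line on one device that points at the same address is one filter driver's dispatch routine, and the interesting items are the entries with no owning module (the \FatCdrom IRP_MJ_READ line) and modules printed without a name. The script below is an added example for this thread, not GMER's own code; it parses the three record shapes present in the log (AttachedDevice, Device, Module) and separates an analyst-supplied list of known security filters from everything else. The KNOWN_SECURITY_FILTERS allowlist is an assumption (the two McAfee drivers named in the log), and SAMPLE_LOG is a short excerpt of the log posted above.

```python
"""Triage a GMER-style log: who owns each filter, and what has no owner or no name.

Added example for this thread; it is not GMER's code. KNOWN_SECURITY_FILTERS is
an analyst-supplied allowlist (assumption: the installed McAfee product accounts
for mfehidk.sys and mfetdik.sys); the analyst verifies it, the script does not.
"""
import re
from collections import defaultdict

ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>\S+)$")
# A dispatch entry reported without an owning module: nothing follows the address.
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+(?P<addr>[0-9A-Fa-f]+)$")
MODULE_RE = re.compile(
    r"^Module\s+(?P<name>\S+)\s+(?P<start>[0-9A-Fa-f]+)-(?P<end>[0-9A-Fa-f]+)\s+\((?P<size>\d+) bytes\)$")

KNOWN_SECURITY_FILTERS = frozenset({"mfehidk.sys", "mfetdik.sys"})  # assumption, see docstring

# Excerpt of the log posted above (a few lines of each record kind, not the whole log).
SAMPLE_LOG = r"""
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B8DDB0D1] mfehidk.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B8DDB0D1] mfehidk.sys

    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8354E830

    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F7885AD0] mfetdik.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F7885AD0] mfetdik.sys

    ---- Modules - GMER 1.0.13 ----

    Module _________ F763F000-F7657000 (98304 bytes)

    ---- EOF - GMER 1.0.13 ----
"""


def parse_gmer(text):
    """Return (attached, dispatch, modules) as lists of dicts; other lines are ignored."""
    attached, dispatch, modules = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := ATTACHED_RE.match(line):
            attached.append(m.groupdict())
        elif m := DEVICE_RE.match(line):
            dispatch.append(m.groupdict())
        elif m := MODULE_RE.match(line):
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            modules.append(rec)
    return attached, dispatch, modules


def triage(text, known_owners=frozenset()):
    """Group AttachedDevice entries by owning driver; flag what has no owner or no name."""
    attached, dispatch, modules = parse_gmer(text)
    known = {k.lower() for k in known_owners}
    per_owner = defaultdict(lambda: {"devices": set(), "irps": 0, "addrs": set()})
    for a in attached:
        rec = per_owner[a["owner"].lower()]
        rec["devices"].add(a["device"])
        rec["irps"] += 1
        rec["addrs"].add(a["addr"].upper())

    def summary(rec):
        # One address for every IRP_MJ_* on a device means a single filter dispatch
        # routine, which is how a legitimate filter driver normally presents.
        return {"devices": sorted(rec["devices"]), "irps": rec["irps"],
                "single_dispatch": len(rec["addrs"]) == 1}

    return {
        "known_filters": {o: summary(r) for o, r in per_owner.items() if o in known},
        "unknown_filters": {o: summary(r) for o, r in per_owner.items() if o not in known},
        # Dispatch entries with no module named: explain these before anything else.
        "unattributed_dispatch": [f'{d["device"]} {d["irp"]} -> {d["addr"]}' for d in dispatch],
        # A module printed with no name (underscores only) needs its address range explained.
        "unnamed_modules": [f'{m["start"]}-{m["end"]} ({m["size"]} bytes)'
                            for m in modules if set(m["name"]) <= {"_"}],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG, KNOWN_SECURITY_FILTERS), indent=2))
```

Run against the excerpt, both McAfee drivers land under known_filters with single_dispatch true, unknown_filters is empty, and the two items left for the analyst are the \FatCdrom read dispatch at 8354E830 and the unnamed module at F763F000-F7657000. Passing an empty allowlist moves the McAfee drivers into unknown_filters, which is the right default when the machine's installed software is not yet known.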

  5. #55
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Scan this in jotti as before and post back results.

    C:\Program Files\SmartAdviser\EZAD\svchost.exe
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #56
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    Scanner results
    Scan taken on 16 Oct 2007 15:21:29 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

  7. #57
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Do you recognize this program?

    C:\Program Files\SmartAdviser\EZAD\svchost.exe

  8. #58
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default

Yes. That is a calculator program. I don't use it anymore; you can delete it if you have to.

  9. #59
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Ok, then we leave it alone.

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop


    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to delete:
    C:\WINDOWS\xlavra3.exe
    C:\WINDOWS\dravic.exe
    C:\WINDOWS\system32\lasse.exe

    Registry values to replace with dummy:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

  10. #60
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

While The Avenger was running, after the computer rebooted (not twice), the black command window had a pop-up about not being able to reach the source drive or something; I'm not sure. I tried to answer "Try again" too many times but it didn't work, so I answered "Continue" 6 times and then the program created a log file. Thank you.

    Here is a log file


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ebbsnsdv

    *******************

    Script file located at: \??\C:\WINDOWS\wggjebdq.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\xlavra3.exe deleted successfully.
    File C:\WINDOWS\dravic.exe deleted successfully.
    File C:\WINDOWS\system32\lasse.exe deleted successfully.
    Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
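The check a helper does on a log like this is mechanical: every action in the script (three files to delete, one registry value to replace with a dummy) must have a matching success line in avenger.txt, and anything without one is still open. The script below is an added example for this thread, not part of The Avenger; it parses the script's "Header:" / item / blank-line layout, normalises the "KEY | VALUE" registry spelling to the "KEY|VALUE" form the log prints, and reports each planned action as done, unverified, or not checkable. The success wording is taken from the log above for the two section types used here (an assumption that the wording is fixed); SCRIPT_WITH_GAPS adds constructed, hypothetical names to show the two failure paths.

```python
"""Reconcile an Avenger script against the avenger.txt it produced.

Added example for this thread; it is not part of The Avenger. Every action
planned in the script must have a matching success line in the log, or it is
reported as unverified. Only the two section types used in this thread have
known success wording (assumption: the exact phrasing seen in the log above);
any other section is reported as unverifiable rather than guessed.
"""
import re

SUCCESS_LINES = {
    "files to delete": "File {item} deleted successfully.",
    "registry values to replace with dummy": "Registry value {item} replaced with dummy successfully.",
}

# The script from the code box posted above.
SCRIPT = r"""
Files to delete:
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\dravic.exe
C:\WINDOWS\system32\lasse.exe

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
"""

# The result lines from the avenger.txt posted above.
AVENGER_LOG = r"""
File C:\WINDOWS\xlavra3.exe deleted successfully.
File C:\WINDOWS\dravic.exe deleted successfully.
File C:\WINDOWS\system32\lasse.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
"""

# Constructed variant with hypothetical names: one file the log never confirms,
# and a section type this checker has no success wording for.
SCRIPT_WITH_GAPS = SCRIPT + r"""
Files to delete:
C:\WINDOWS\example_not_removed.exe

Drivers to unload:
example_driver_name
"""


def parse_script(script):
    """Return {section: [items]} for the 'Header:' / items / blank-line layout."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current section
        elif line.endswith(":"):
            current = line[:-1].lower()
            sections.setdefault(current, [])  # a repeated header extends the section
        elif current is not None:
            sections[current].append(line)
    return sections


def normalise(item):
    # The script writes "KEY | VALUE"; the log prints "KEY|VALUE".
    return re.sub(r"\s*\|\s*", "|", item)


def reconcile(script, log):
    """Map 'section: item' to 'done', 'unverified' or 'no verifier for section'."""
    seen = {line.strip() for line in log.splitlines()}
    status = {}
    for section, items in parse_script(script).items():
        template = SUCCESS_LINES.get(section)
        for item in items:
            key = f"{section}: {item}"
            if template is None:
                status[key] = "no verifier for section"
            elif template.format(item=normalise(item)) in seen:
                status[key] = "done"
            else:
                status[key] = "unverified"
    return status


def all_done(script, log):
    """True only when every planned action has a matching success line."""
    return all(v == "done" for v in reconcile(script, log).values())


if __name__ == "__main__":
    for key, value in reconcile(SCRIPT_WITH_GAPS, AVENGER_LOG).items():
        print(f"{value:24} {key}")
```

For the script and log actually posted, all four actions come back done. With the constructed additions, the extra file is unverified and the driver entry is flagged as having no verifier, so all_done is false and the helper knows what still needs a look before calling the cleanup complete.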
