PDA

View Full Version : Infected


kirchartz
2009-06-12, 03:20
I have been unable to open spybot, get to the website, and keep getting a bunch of popups and programs locking up.

Here is my HJT file.

thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:59 PM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\jkirchart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PPOPUP.EXE
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\kkkkkk.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 216.31.150.6 webmail.glendale
O1 - Hosts: 216.31.150.6 WEBMAIL.GLENDALE
O1 - Hosts: 216.31.150.6 webmail.kent
O1 - Hosts: 216.31.150.6 WEBMAIL.KENT
O1 - Hosts: 216.31.150.6 webmail.sacramento
O1 - Hosts: 216.31.150.6 WEBMAIL.SACRAMENTO
O1 - Hosts: 216.31.150.6 webmail.tustin
O1 - Hosts: 216.31.150.6 WEBMAIL.TUSTIN
O1 - Hosts: 216.31.150.6 webmail.sandiego
O1 - Hosts: 216.31.150.6 WEBMAIL.SANDIEGO
O1 - Hosts: 216.31.150.6 webmail.commerce
O1 - Hosts: 216.31.150.6 WEBMAIL.COMMERCE
O1 - Hosts: 216.116.109.3 webmail.sanleandro
O1 - Hosts: 216.116.109.3 WEBMAIL.SANLEANDRO
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jkirchart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Pcounter Ppopup.lnk = C:\PPOPUP.EXE
O4 - Global Startup: Shortcut to PLOTMGR.lnk = C:\PLOTMGR.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\jkirchart\Application Data\Mozilla\Firefox\Profiles\8wggb7kg.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\jkirchart\Application Data\Mozilla\Firefox\Profiles\8wggb7kg.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ewingcole.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0A10079E-B8E6-11D1-BC4D-006008CCBF84} (Centric Project Inbox 10.9) - http://www.ewingcole.com/PROJECTS/en-us/atx.cab
O16 - DPF: {0A100932-B8E6-11D1-BC4D-006008CCBF84} (Centric Project PopupMenu 10.9) - http://www.ewingcole.com/PROJECTS/en-us/PopupMenu.cab
O16 - DPF: {0A100A0E-B8E6-11D1-BC4D-006008CCBF84} (Centric Project Grid 10.9) - http://www.ewingcole.com/PROJECTS/en-us/Grid.cab
O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} (CompositeView Control) - http://doc-workflow/appxtender/client/IrcViewer.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194907078250
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {862B5062-DBE6-4E05-A042-E0B6302F35D0} (ESIAuthentication.Authentication) - https://ies.evapco.com/Evapco.iES/Cab/ESIAuthentication.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://www.ewingcole.com/PROJECTS/en-us/FileTransfer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{236E617C-0EE9-475E-B061-117279AA2539}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B996F36-FA0F-4EC6-B31F-7F85F1AB71EB}: NameServer = 66.80.130.23,66.80.131.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{8363A112-4009-46D3-BAF1-E8AF4D0ADD1C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAAED8CE-0D8B-4AC5-80B0-100B614E84FB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 15743 bytes
Shaba
2009-06-13, 10:55
Hi kirchartz

Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..
kirchartz
2009-06-13, 21:34
Here is the output. thank you

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-13 11:28:25
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 89D9432E ZwEnumerateKey
Code 89D6643E ZwFlushInstructionCache
Code 874D98C5 IofCallDriver
Code 8A1557C5 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 874D98CA
.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 8A1557CA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B528A 5 Bytes JMP 89D66442
PAGE ntkrnlpa.exe!ZwEnumerateKey 8062296E 5 Bytes JMP 89D94332
? nwfilter.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[476] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0076000A
.text C:\WINDOWS\Explorer.EXE[528] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C6000A
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[528] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[584] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[656] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 006F000A
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[780] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[860] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0091000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[888] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\TpShocks.exe[916] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\rundll32.exe[920] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009C000A
.text C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe[952] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0063000A
.text ...
kirchartz
2009-06-13, 21:37
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1036] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[1224] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1348] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe[1400] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\nvsvc32.exe[1528] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008C000A
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1752] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\rundll32.exe[1760] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009C000A
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1812] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1980] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C9000A
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[2076] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003F000A
.text ...
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2144] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2144] USER32.dll!MessageBoxA 7E45058A 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2144] USER32.dll!MessageBoxW 7E46630A 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe[2156] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\wuauclt.exe[2228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\wuauclt.exe[2228] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\NWTRAY.EXE[2248] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AE000A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2372] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C2000A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2468] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B1000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2484] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003E000A
.text ...
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!WriteFile 7C810D97 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!PeekNamedPipe 7C85FB2F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] kernel32.dll!WinExec 7C86158D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WININET.dll!InternetReadFile 7806ABCC 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WININET.dll!InternetOpenA 7806C879 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WS2_32.dll!select 71AB2DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WS2_32.dll!socket 71AB3B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WS2_32.dll!bind 71AB3E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WS2_32.dll!send 71AB428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[3008] WS2_32.dll!recv 71AB615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\TPHDEXLG.exe[3048] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\wscntfy.exe[3776] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0085000A
.text C:\Documents and Settings\jkirchart\Desktop\New Folder (12)\gmer.exe[3980] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009C000A
kirchartz
2009-06-13, 21:38
---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\MSIVXiaxdpkgorohccmidpiltbopxgsqnsnsi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1204] 0x10000000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\MSIVXvmhlrmpxbppwqbokffuualdbbgrftlwa.sys
File C:\WINDOWS\system32\drivers\SKYNETimxfqtdh.sys
File C:\WINDOWS\system32\MSIVXiaxdpkgorohccmidpiltbopxgsqnsnsi.dll
File C:\WINDOWS\system32\MSIVXbxtevylvnstjkccqhoehvmjckunirbqb.dll
File C:\WINDOWS\system32\MSIVXcount
File C:\WINDOWS\system32\SKYNETtqiedgqh.dll
File C:\WINDOWS\system32\SKYNETifqptvwp.dat
File C:\WINDOWS\system32\SKYNEThlbjxyns.dll
File C:\WINDOWS\Temp\SKYNEThfjtrppqiq.tmp
File C:\WINDOWS\Temp\SKYNETxdcxdkibct.tmp
File C:\WINDOWS\Temp\SKYNETbqycimceth.tmp
File C:\WINDOWS\Temp\SKYNETyxmsbcrjip.tmp
File C:\WINDOWS\Temp\SKYNETowviuwmecb.tmp
File C:\WINDOWS\Temp\SKYNETyueordrign.tmp
File C:\WINDOWS\Temp\SKYNETbdrbrnmbpc.tmp
File C:\WINDOWS\Temp\SKYNETxtrxtqfvxb.tmp
File C:\WINDOWS\Temp\SKYNETiovcyciorg.tmp
File C:\WINDOWS\Temp\SKYNETegowpsexns.tmp
File C:\WINDOWS\Temp\SKYNETfposmcrvji.tmp
File C:\WINDOWS\Temp\SKYNETfqjwmdcwiv.tmp
File C:\WINDOWS\Temp\SKYNETvrprxtqfux.tmp
File C:\WINDOWS\Temp\SKYNETdtdriyqdst.tmp
File C:\WINDOWS\Temp\SKYNETlnsevpypec.tmp
File C:\WINDOWS\Temp\SKYNETsipxswutfy.tmp
File C:\WINDOWS\Temp\SKYNETyborvvvyel.tmp
File C:\WINDOWS\Temp\SKYNETciqxvjjxtj.tmp

---- EOF - GMER 1.0.15 ----
Shaba
2009-06-13, 21:53
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
kirchartz
2009-06-13, 23:17
The ComboFix.exe file will not run. I have disabled what I can, but I still can't access spybot to shut off teatimer.
Shaba
2009-06-14, 09:57
It is likely due to infection.

Please rename combofix.exe and try again.
Shaba
2009-06-19, 12:41
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.