can't start spybot download

J

jphone

New member
i can't seem to start spybot download, an error message comes up saying can't find server safer-networking.org

please help

i continue to get blocked from anti-spyware sites or anti adware sites

here is my hijack report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:40 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\LDCM\Bin\USM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Intel\LDCM\bin\ssm.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\McAfee\Anti-Theft\McUiCnt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: TMA Distribution - Unknown owner - C:\WINDOWS\system32\cba\lcfinst.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11172 bytes
 
Last edited by a moderator:
Hi jphone

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..
 
info 1

here is the first part of the info you asked for, thanks for helping out

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-24 12:39:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB2E4E4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB2E4E581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB2E4E498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB2E4E4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB2E4E595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB2E4E5C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB2E4E62F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB2E4E619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB2E4E52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB2E4E65B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB2E4E56D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB2E4E470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB2E4E484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB2E4E4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB2E4E697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB2E4E603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB2E4E5ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB2E4E5AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB2E4E683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB2E4E66F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB2E4E4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB2E4E4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB2E4E5D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB2E4E559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB2E4E645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB2E4E540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB2E4E514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP B2E4E518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP B2E4E571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP B2E4E5F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP B2E4E4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP B2E4E4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP B2E4E585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP B2E4E69B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP B2E4E633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP B2E4E474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP B2E4E502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP B2E4E5DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP B2E4E544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP B2E4E52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP B2E4E4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP B2E4E55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP B2E4E488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP B2E4E65F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP B2E4E61D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP B2E4E5C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP B2E4E599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP B2E4E49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP B2E4E4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP B2E4E649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP B2E4E607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP B2E4E5AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP B2E4E673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP B2E4E687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02860000
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0286006E
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02860F6F
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02860053
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02860F8A
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02860FAF
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02860089
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02860F41
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02860F04
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02860F15
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02860EF3
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0286002C
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02860011
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02860F5E
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02860FC0
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02860FDB
.text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02860F26
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02850FCA
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02850FAF
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0285001B
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02850FE5
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02850062
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02850000
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02850051
.text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02850036
.text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02840047
.text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!system 77C293C7 5 Bytes JMP 0284002C
.text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0284001B
.text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02840000
.text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02840FBC
.text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02840FE3
.text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 02360FD4
.text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 02360FE5
.text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02360FB7
.text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02360F9C
.text C:\WINDOWS\Explorer.EXE[212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 022A0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0F2B
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F46
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0F61
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE001E
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0F8D
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0067
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0056
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0EE9
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0078
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE009D
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0F7C
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE003B
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0F9E
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE0EFA
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50036
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50FCA
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D50025
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D5007D
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D50062
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50051
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D40036
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FAB
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40FC6
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40011
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0051
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0F5C
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0F6D
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0036
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0F9E
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC0F2B
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC0073
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC0EE4
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0EFF
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EC0ED3
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EC0025
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EC0062
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EC000A
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EC0FB9
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EC0F10
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EB0014
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EB0F83
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EB0FC3
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EB0FDE
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EB004A
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EB0FA8
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0B, 89]
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EB002F
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0038
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA0FAD
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA000C
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA0FE3
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA001D
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA0FD2
.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A90F5F
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A90F70
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A90F8D
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A90F9E
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A9002C
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A90096
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A90F4E
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A90F22
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A900B1
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A900D6
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A90FAF
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A90FDB
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A90079
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A90011
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A90FC0
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A90F33
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A80036
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A80084
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A80FE5
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A8001B
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A80073
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A80062
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A80047
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A70F97
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A7002C
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FD7
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70FB2
.text C:\WINDOWS\system32\svchost.exe[888] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A70011
.text C:\WINDOWS\system32\svchost.exe[888] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C000A4
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C0007D
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0003D
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F94
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C000D0
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F65
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00108
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F54
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00058
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C000BF
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000ED
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0F79
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0053
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0038
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE001D
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025D0000
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025D00A2
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025D0FAD
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025D0091
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025D0076
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025D005B
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025D00DA
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025D0F88
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025D0F66
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025D00FF
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025D0F4B
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025D0FD4
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025D0FEF
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025D00B3
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025D0040
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025D002F
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025D0F77
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 025C0036
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 025C008E
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 025C0025
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 025C000A
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 025C0073
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 025C0FE5
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 025C0062
.text C:\WINDOWS\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 025C0047
.text C:\WINDOWS\System32\svchost.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 025B0F9A
.text C:\WINDOWS\System32\svchost.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 025B0FB5
.text C:\WINDOWS\System32\svchost.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 025B0011
.text C:\WINDOWS\System32\svchost.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 025B0FEF
.text C:\WINDOWS\System32\svchost.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 025B0FC6
.text C:\WINDOWS\System32\svchost.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 025B0000
.text C:\WINDOWS\System32\svchost.exe[1068] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02270FEF
.text C:\WINDOWS\System32\svchost.exe[1068] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 025A0000
.text C:\WINDOWS\System32\svchost.exe[1068] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 025A0FE5
.text C:\WINDOWS\System32\svchost.exe[1068] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 025A001B
.text C:\WINDOWS\System32\svchost.exe[1068] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 025A0036
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F92
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770FA3
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0077007D
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770FC0
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770047
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007700B3
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F77
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F3F
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F50
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770F2E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770058
.text C:\WINDOWS\system32\svchost.exe[1164] -
 
info 2

second part

kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770011
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007700A2
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FDB
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770022
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007700CE
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760025
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00760FAF
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0076006C
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0076005B
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760040
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750069
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 00750058
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00750022
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0075003D
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00750011
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0F6B
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F7C
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0F8D
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0040
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C00A9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C008C
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0F3C
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00CB
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C00E6
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C002F
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0071
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00BA
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0FA8
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F7C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0FC3
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0FDE
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0039
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0F8D
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0014
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0055
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0044
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FD4
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0029
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A000C
.text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F48
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F59
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A4003D
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F8A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A4002C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40084
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40073
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400A6
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40F17
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A400C1
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40FA5
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40058
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A4001B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FCA
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40095
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F8A
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30047
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FE5
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20FC0
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20055
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20033
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20044
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A2000C
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A4009B
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40076
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40FA8
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A4005B
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F70
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A400C2
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40F3A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A400D3
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F1F
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40040
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F8B
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40F55
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F83
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F9E
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FB9
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F95
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!system 77C293C7 5 Bytes JMP 0092002A
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC1
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FE3
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FB0
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[1532] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[1532] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1532] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00910FB9
.text C:\WINDOWS\system32\svchost.exe[1532] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[1532] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900000
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008A006E
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A0F79
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008A0047
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008A0F8A
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008A0FB9
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008A0F3C
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008A0F4D
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A0F1A
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A00B3
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008A0EF5
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008A0036
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A000A
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008A0F68
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008A0025
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008A0FD4
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A0F2B
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00890036
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00890FA8
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00890025
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0089000A
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00890FB9
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00890FEF
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00890FCA
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A9, 88]
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00890047
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0088004C
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880FC1
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00880FD2
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00880FEF
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00880027
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0088000C
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00720025
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00720000
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00720FEF
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00720042
.text C:\WINDOWS\sySTEM32\SvchoSt.ExE[1616] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00710FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01102F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01102CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01102D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01102CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[1884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[1884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[1884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[1884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [015D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [015D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [015D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [015D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dlcxcoms.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dlcxcoms.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dlcxcoms.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dlcxcoms.exe[2968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gerald\Desktop\gmer\gmer.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gerald\Desktop\gmer\gmer.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gerald\Desktop\gmer\gmer.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gerald\Desktop\gmer\gmer.exe[4308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip DnsFilter.sys (DnsFilter/DnsFilter)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp DnsFilter.sys (DnsFilter/DnsFilter)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp DnsFilter.sys (DnsFilter/DnsFilter)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp DnsFilter.sys (DnsFilter/DnsFilter)

---- EOF - GMER 1.0.15 ---
 
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
combo fix

here is the combo fix

ComboFix 09-08-24.01 - Gerald 08/24/2009 14:24.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.520 [GMT -5:00]
Running from: c:\documents and settings\Gerald\Desktop\ComboFix.exe
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-22 20:11 . 2009-08-22 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-22 20:11 . 2009-08-22 20:11 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-22 19:46 . 2009-08-22 19:46 -------- d-----w- c:\program files\Trend Micro
2009-08-22 17:29 . 2009-08-22 19:00 564512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-22 17:29 . 2009-08-22 19:00 30240 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-22 17:05 . 2009-08-22 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-08-22 17:05 . 2009-08-22 17:05 -------- d-----w- c:\documents and settings\Gerald\Local Settings\Application Data\Downloaded Installations
2009-08-22 16:54 . 2009-08-22 16:54 -------- d-----w- c:\documents and settings\Andrea\Application Data\Malwarebytes
2009-08-22 14:07 . 2009-08-22 14:07 -------- d-----w- c:\documents and settings\Gerald\Application Data\Malwarebytes
2009-08-22 14:07 . 2009-08-22 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-22 13:20 . 2009-08-22 13:20 -------- d-----w- c:\program files\Enigma Software Group
2009-08-21 00:10 . 2009-08-21 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-08-21 00:07 . 2009-08-21 00:07 -------- d-----w- c:\program files\Common Files\iS3
2009-08-21 00:07 . 2009-08-21 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-08-20 04:24 . 2009-08-20 04:24 48544 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-19 22:25 . 2009-08-20 22:49 -------- d-----w- c:\program files\DDnsFilter
2009-08-19 22:25 . 2009-08-19 22:25 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
2009-08-19 18:18 . 2009-08-19 18:18 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-12 22:00 . 2009-08-12 22:00 -------- d-----w- c:\documents and settings\Kim Barkey\Application Data\AdobeUM
2009-08-04 04:13 . 2009-08-04 04:13 -------- d-----w- c:\documents and settings\Kim Barkey\Local Settings\Application Data\Adobe
2009-07-28 17:25 . 2009-07-28 17:25 -------- d-----w- c:\program files\iTunes
2009-07-28 17:02 . 2009-07-28 17:02 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 19:31 . 2008-09-08 18:11 -------- d-----w- c:\program files\dl_cats
2009-08-24 19:29 . 2009-02-22 20:05 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-24 19:29 . 2009-02-22 20:05 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-22 19:00 . 2009-08-22 17:29 8636 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-22 19:00 . 2009-08-22 17:29 3884 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-22 13:48 . 2009-07-01 16:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 03:44 . 2009-02-22 20:06 -------- d-----w- c:\documents and settings\Kim Barkey\Application Data\Skype
2009-08-22 03:26 . 2009-02-22 20:10 -------- d-----w- c:\documents and settings\Kim Barkey\Application Data\skypePM
2009-08-21 00:37 . 2009-08-21 00:37 448 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-20 04:23 . 2008-09-22 17:59 -------- d-----w- c:\documents and settings\Gerry\Application Data\Apple Computer
2009-08-19 15:50 . 2009-01-29 00:33 -------- d-----w- c:\documents and settings\Gerald\Application Data\AdobeUM
2009-08-15 23:49 . 2008-10-22 03:59 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-15 23:49 . 2008-10-22 03:59 104 --sh--r- c:\windows\system32\93E3FA1EED.sys
2009-08-15 06:28 . 2008-09-22 16:11 -------- d-----w- c:\documents and settings\Gerry\Application Data\LimeWire
2009-08-13 16:51 . 2008-09-08 18:21 -------- d-----w- c:\program files\McAfee
2009-08-07 14:06 . 2008-11-30 02:06 -------- d-----w- c:\documents and settings\Andrea\Application Data\AdobeUM
2009-07-28 17:25 . 2008-09-22 17:58 -------- d-----w- c:\program files\iPod
2009-07-28 17:25 . 2008-09-22 18:43 -------- d-----w- c:\program files\Common Files\Apple
2009-07-26 15:04 . 2009-07-01 16:18 -------- d-----w- c:\program files\iWin.com
2009-07-11 18:46 . 2008-09-08 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-01 16:39 . 2009-07-01 16:39 -------- d-----w- c:\documents and settings\Gerry\Application Data\iWin
2009-07-01 16:15 . 2009-07-01 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-06-30 20:45 . 2009-06-30 20:26 -------- d-----w- c:\program files\iWin
2009-06-30 19:33 . 2008-09-09 18:11 -------- d-----w- c:\program files\Common Files\AOL
2009-06-26 16:50 . 2004-08-12 14:09 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 00:47 . 2009-06-24 00:50 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-22 01:57 . 2009-01-02 02:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-06-16 14:36 . 2004-08-12 14:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-12 13:57 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 21:58 . 2009-06-13 21:58 152576 ----a-w- c:\documents and settings\Kim Barkey\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 19:09 . 2004-08-12 14:03 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 18:36 . 2009-05-21 00:32 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 18:36 . 2008-10-14 15:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-22_19.02.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 19:29 . 2009-08-24 19:29 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2008-09-07 05:37 . 2009-08-24 18:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-07 05:37 . 2009-08-22 15:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-07 05:37 . 2009-08-24 18:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-07 05:37 . 2009-08-22 15:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-20 22:47 . 2009-08-22 20:11 2606696 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"User Space Manager"="c:\program files\Intel\LDCM\Bin\USM.exe" [2000-06-21 20563]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2001-05-29 124416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [8/12/2004 9:06 AM 14336]
R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [5/28/2008 9:32 AM 61688]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [8/19/2009 5:25 PM 38016]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/8/2008 1:23 PM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/9/2008 1:12 PM 24652]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S1 2f5e9f4;2f5e9f4;c:\windows\system32\drivers\2f5e9f4.sys --> c:\windows\system32\drivers\2f5e9f4.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-08 15:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-08 15:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gerald\Application Data\Mozilla\Firefox\Profiles\j4roggp3.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 14:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(496)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Intel\LDCM\BIN\IIDS.exe
c:\windows\system32\CBA\PDS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CBA\XFR.EXE
c:\program files\Intel\LDCM\BIN\SSM.exe
c:\windows\system32\MSGSYS.EXE
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2009-08-24 14:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 19:32
ComboFix2.txt 2009-08-22 19:04

Pre-Run: 304,489,488,384 bytes free
Post-Run: 304,446,980,096 bytes free

223 --- E O F --- 2009-08-06 14:32
 
hijachthis info

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:20 PM, on 8/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Intel\LDCM\Bin\USM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Intel\LDCM\bin\ssm.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: TMA Distribution - Unknown owner - C:\WINDOWS\system32\cba\lcfinst.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10911 bytes
 
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
hijack this list

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM Search
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avance AC'97 Audio
Bonjour
Broadcom Gigabit Integrated Controller
Corel Paint Shop Pro X
Corel Photo Album 6
Data Lifeguard Tools
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell ResourceCD
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
iPod for Windows 2005-03-23
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LimeWire 4.18.8
Logitech QuickCam
Logitech QuickCam Driver Package
McAfee Anti-Theft
McAfee SecurityCenter
Microsoft Office Small Business Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.13)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nikon Message Center
Nikon Transfer
Photo Viewer s2.5
QuickTime
RTLSetup
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Skype™ 4.0
SoundMAX
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Windows Media Format Runtime
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.8


I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
 
list

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM Search
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avance AC'97 Audio
Bonjour
Broadcom Gigabit Integrated Controller
Corel Paint Shop Pro X
Corel Photo Album 6
Data Lifeguard Tools
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell ResourceCD
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
iPod for Windows 2005-03-23
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Logitech QuickCam
Logitech QuickCam Driver Package
McAfee Anti-Theft
McAfee SecurityCenter
Microsoft Office Small Business Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.13)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nikon Message Center
Nikon Transfer
Photo Viewer s2.5
QuickTime
RTLSetup
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Skype™ 4.0
SoundMAX
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Windows Media Format Runtime
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar
 
when i try to download spybot, it goes all the way through the initial steps but then when it tries to conect with safer-networking.org an error message comes up

Error sending request
the server name or address could not be resolved
 
miscommunication

sorry if i wasn't clear in my problem

i have been able to download spybot but when i run the program it makes it all the way through the agreement/where i save it and then when it goes to install it can't connect with safer-networking.org - that's when i get the error message
 
I see.

Please do this and let me know if it helped:

Download HostsXpert and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your desktop

  • Click "Make Hosts Writable?" upper right corner (if available)
  • Click "Restore Microsoft's Original Hosts File" and then click OK
  • Close HostsXpert
Note; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually
 
Then please reset your router and try again, please.

If you need help with that, let me know.
 
i reset the router then the computer and it still will not work, however i did get an other error at start up

LCFINST.exe failed
 
just so i'm sure i did it right

to rest the router all i have to do is hit the reset button on the actual router itself, correct
 
You must log in or register to reply here.
Back
Top