McAfee unable to update


9 replies to this topic

#1 GeoRam


Posted 30 May 2011 - 04:48 PM

Hi,
I was wondering if you could help me?
I have McAfee Security Centre installed on a Dell Inspiron 9400 laptop that's used wirelessly on a home network.
For the last few weeks it's been giving me messages about not being able to auto update. It checks for them but fails to download them. My last update was therefore back in March.
It says to check my internet connection but this is clearly still working. I have also tried to redownload McAfee so I could uninstall and reinstall, but every time I try from the McAfee web site the download fails and it says the connection to the server has been terminated.
I have been looking at some other logs on this site and have downloaded and run Malwarebytes, rkill and SUPERAntiSpyware. I've pasted the last log for MWB today and also one I did last week. The first time I ran SUPERAntiSpyware it found quite a few adwares but it didn't seem to keep a log, so I have just run it again and pasted below.
It's my inability to keep McAfee up to date that's worrying me.

I will be unable to respond now until after work on Monday.

Regards
Scott
-------------------------------

TODAY
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6722

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/05/2011 14:00:55
mbam-log-2011-05-30 (14-00-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 243781
Time elapsed: 1 hour(s), 47 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\msn messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\msn messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP830\A0075917.SCR (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP830\A0075916.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP830\A0075918.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP830\A0075919.EXE (PUP.FunWebProducts) -> Not selected for removal.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

---------------------------------

TODAY
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2011 at 10:26 PM

Application Version : 4.53.1000

Core Rules Database Version : 7164
Trace Rules Database Version: 4976

Scan type : Complete Scan
Total Scan Time : 03:26:10

Memory items scanned : 640
Memory threats detected : 0
Registry items scanned : 7504
Registry threats detected : 0
File items scanned : 88875
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Scott\Cookies\scott@doubleclick[2].txt
C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[2].txt
C:\Documents and Settings\Scott\Cookies\scott@tracker.roitesting[1].txt
C:\Documents and Settings\Scott\Cookies\scott@advertising[1].txt
C:\Documents and Settings\Scott\Cookies\scott@invitemedia[1].txt

---------------------------------------
LAST WEEK

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6665

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/05/2011 21:43:17
mbam-log-2011-05-24 (21-43-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 236823
Time elapsed: 1 hour(s), 43 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 136
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 20
Files Infected: 83

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109FD3D-D891-4f80-8339-50A4913ACE6F} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90B5A95A-AFD5-4d11-B9BD-A69D53D22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\msn messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\msn messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\funwebproducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images\0027BEED.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002533DD (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00253AA3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00253C49.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00254050.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\00254467.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002549F5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

-------------

Edited by GeoRam, 30 May 2011 - 04:50 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:43 PM

Posted 04 June 2011 - 01:22 PM

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#3 GeoRam

GeoRam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Derby, UK
  • Local time:02:43 PM

Posted 06 June 2011 - 03:05 PM

Thanks for your reply.
I'm currently running GMER on the laptop.
I ran SUPERAntiSpyware Portable overnight; it took 10 hours. I turned it off with the intention of posting the log after work. I've now tried to do that but there are no logs showing?
It was basically the same as the one I posted earlier but with only 26 adwares and nothing else.
I will post the GMER log later.
Thanks.
Scott

#4 GeoRam

GeoRam
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Derby, UK
  • Local time:02:43 PM

Posted 06 June 2011 - 04:47 PM

GMER log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-06 22:45:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9100824AS rev.8.03
Running: 54zmt0ol.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\DOCUME~1\Scott\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA308620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7403DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7403DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7403DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7403E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7403D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7403D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7403D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7403DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7403E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7403E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7403E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7403E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7403E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP F7403E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP F7403E4A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP F7403E60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP F7403E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP F7403D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP F7403D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP F7403E74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP F7403E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP F7403DDE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP F7403DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP F7403DC8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP F7403DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP F7403DA0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00060F50
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00060F61
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00060F72
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00060F29
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00060071
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00060EE2
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00060EF3
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00060ED1
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00060060
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00060F0E
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00050040
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00050FC3
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00050025
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00050076
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00050065
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00050FDE
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F0042
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F0031
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0FD2
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F0FC1
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0FE3
.text C:\WINDOWS\system32\services.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FB0014
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA0F83
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0078
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0F9E
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA005B
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0039
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA0F37
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA0089
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA0EFA
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA0F0B
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA0EE9
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA004A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0FDE
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F5E
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA001E
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0FCD
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA0F26
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C10058
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0016
.text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0F8B
.text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0FB7
.text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0F9C
.text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\lsass.exe[744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30F83
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30FA8
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30082
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30065
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C30FC3
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F50
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F61
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C300D8
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C300BD
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C300E9
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C3004A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30F72
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FDE
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F3F
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C2005B
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20FA5
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20FC0
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0F64
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0F7F
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FB5
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0F9A
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FC6
.text C:\WINDOWS\system32\svchost.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DB0011
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0062
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0F6D
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0051
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0040
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0FB9
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA00B5
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA009A
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA00F2
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA00E1
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA0103
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0F9E
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0073
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA0025
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA00D0

#5 cryptodan


Posted 11 June 2011 - 12:51 PM

Can you now update McAfee?

#6 GeoRam


Posted 12 June 2011 - 04:59 AM

I'm still unable to update McAfee.
It fails on autoupdate and also in manual update.
It says update is in progress but then gives the following message.
"Update Problem
McAfee cannot update your software. Check your internet connection, and then try to update your software manually. If the problem continues, please reinstall this software."
It's not updated the virus scan software since 13/3/11.
I've even tried to restore prior to then but it just fails.

I've also run McAfee's virtual technician which runs and then says it cannot download updates....
I've tried to download the full software again from my McAfee account in order to reinstall, but the download always fails.....

Any ideas would be gratefully received.

Regards
Scott

#7 cryptodan


Posted 12 June 2011 - 03:10 PM

Let's see if ESET's Free Scan can find something. Post any errors and the results.

#8 GeoRam


Posted 13 June 2011 - 03:48 PM

Hi,
ESET was difficult; it would not run at all in Internet Explorer, so in the end I managed to do it through the Google Chrome browser.
I turned McAfee off while it ran.
Result:
Scanned files 84305
infected 0
cleaned 0
scan time 01:19:15
scan status: finished

Scott

#9 GeoRam


Posted 13 June 2011 - 05:05 PM

Hi Dan,
I decided to have a go at downloading McAfee again, but this time through Chrome browser. This actually worked whereas IE always fails to download.
I then reinstalled McAfee Security Centre and it has taken the latest definitions etc and looks to be fine again. Not sure if it will do auto update yet but will find out tomorrow. At least with all the checks we have now run, I'm happy I have no infections! Must have been something funny with IE downloading?
Thanks for your advice.
Regards
Scott

#10 cryptodan


Posted 13 June 2011 - 08:51 PM

It could be that McAfee was corrupted.



