
Unable to use Search function and Install Programs [Solved]


  • This topic is locked

#16
JSntgRvr

  • Global Moderator
  • 11,591 posts
Download and re-install the following Update.

http://www.microsoft...;displaylang=en

Restart the computer. Run the Seek.bat once again and post its report.

#17
JSntgRvr

  • Global Moderator
  • 11,591 posts
Please open the C:\Autoexec.bat file in Notepad and remove its contents. Save the file.

Start OTScanit2. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.



The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanit scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.


In addition:

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.


#18
Graye

  • Topic Starter
  • Member
  • 17 posts
That was a lot, but I managed to get through it. Thanks for the concise instructions.
1. Update installed. Computer restarted. No issues encountered.
2. Seek.bat file run and report attached below under title "SeekResults"
3. autoexec.bat file opened, contents deleted, then the file was saved.
4. OTScanIt2 run, utilizing fix. Computer restarted and log popped up. Appended below as "MovedFilesLog"
5. OTScanIt2 scan run. Log attached as "OTScanIt2"
6. gmer.exe successfully run. I should point out that, initially, the option boxes were entirely gray (as with OTScanIt2); however, after the scan had been completed, a simple movement of the window revealed the text. The resultant log is pasted below, as per your instructions:

------------------------------------------------------------------------------------------------------------------------

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-03 20:04:29
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF74A7C58]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xF74A7C10]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF749BC70]
SSDT 89F62109 ZwCreateThread
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF749C4FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF74A7D50]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF74A7BD4]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF749C51E]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF74A7CA6]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF74A74F0]
SSDT spov.sys ZwSetValueKey [0xF74F819A]

INT 0x62 ? 8A9D0BF8
INT 0x82 ? 8A9D0BF8
INT 0x83 ? 8A6E0BF8
INT 0xA4 ? 8A6E0BF8

---- Kernel code sections - GMER 1.0.14 ----

? spov.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B99378AC 5 Bytes JMP 8A6E01D8

---- User code sections - GMER 1.0.14 ----

.text C:\windows\Explorer.EXE[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] kernel32.dll!WriteFile 7C810E17 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] kernel32.dll!CreatePipe 7C81D827 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] kernel32.dll!WinExec 7C8623AD 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WININET.dll!InternetOpenA 771C5786 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WININET.dll!InternetReadFile 771C82E2 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\Explorer.EXE[1888] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!WriteFile 7C810E17 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!CreatePipe 7C81D827 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!PeekNamedPipe 7C860817 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] kernel32.dll!WinExec 7C8623AD 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WININET.dll!InternetOpenA 771C5786 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\windows\system32\svchost.exe[2260] WININET.dll!InternetReadFile 771C82E2 5 Bytes CALL 37001160 C:\windows\system32\EntApi.dll (EntAPI/Network Associates, Inc)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A9622D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750A93C] spov.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750A990] spov.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6E02D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74EAD92] spov.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A95E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A6DE1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9601F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A9601F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A9601F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A9601F8
Device \Driver\usbuhci \Device\USBPDO-1 8A6DE1F8
Device \Driver\usbehci \Device\USBPDO-2 8A6C11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B559A7B4-1F93-48BE-B65B-C15BAAC5C0AA} 8A732500
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9D11F8
Device \Driver\Cdrom \Device\CdRom0 8A54DAE0
Device \FileSystem\Rdbss \Device\FsWrap 8A5A77C8
Device \Driver\Cdrom \Device\CdRom1 8A54DAE0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A55F280
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A55F280
Device \Driver\atapi \Device\Ide\IdePort0 8A55F280
Device \Driver\atapi \Device\Ide\IdePort1 8A55F280
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A55F280
Device \Driver\Cdrom \Device\CdRom2 8A54DAE0
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A732500
Device \Driver\NetBT \Device\NetbiosSmb 8A732500
Device \FileSystem\Srv \Device\LanmanServer 8A584240
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8A6DE1F8
Device \Driver\usbuhci \Device\USBFDO-1

Attached Files


  • 0

#19
Graye

Graye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The complete contents of gmer.log do not seem to have made it within the prior post. I have attached it to this reply as a text file.

Attached Files

  • Attached File  gmer.txt   61.1KB   286 downloads

  • 0

#20
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
When you installed the KB951978 update, I was expecting that the file in the System32 and System32\DLLCACHE folder be replaced. That did not happen.

------w 434,176 2008-04-14 00:12:08 C:\Windows\ServicePackFiles\i386\vbscript.dll
----a-w 430,080 2008-05-09 10:53:40 C:\Windows\system32\vbscript.dll
-c----w 430,080 2008-05-09 10:53:40 C:\Windows\system32\dllcache\vbscript.dll


Let's try a Home Made Fix:

Download the enclosed folder. Save and extract its contents to the desktop. Once extracted open the folder and click on the GrayeFix.bat.

The computer will restart.

Run the Seek.bat file and post a fresh report.
  • 0

#21
Graye

Graye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks, JSntgRvr. I cannot understand why the update would not have worked. It installed properly.
In any case, I did as you instructed. A new Seek.bat results log is attached below.

Attached Files


  • 0

#22
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
We now have the right file in the right place. Are you able to search and install programs? How about seeing the text in OTScanit2?
  • 0

#23
Graye

Graye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I just made a trial search and it worked without a hitch.
I also attempted to install Ad-Aware AE, both from the My Download Files directory and the desktop. This time it worked without any freezes or reported errors.
The text in gray boxes within OTScanIt2, however, still remains invisible. Is that a problem or merely a glitch within said program?
  • 0

#24
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts

I just made a trial search and it worked without a hitch.
I also attempted to install Ad-Aware AE, both from the My Download Files directory and the desktop. This time it worked without any freezes or reported errors.
The text in gray boxes within OTScanIt2, however, still remains invisible. Is that a problem or merely a glitch within said program?

According to the developer it could be due to a Common Control issue. It is the first time we see this. I was hoping that by restoring jscript and wscript the issue may have dissipated. Seemed these files were patched by the infection. Let's perform another scan:

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!
  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

  • 0

#25
Graye

Graye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Scanning Report
Wednesday, February 04, 2009 18:32:35 - 19:57:24

Computer name: COMPUTER-DC10C8
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 1 malware found
Client-IRC.Win32.mIRC (spyware)

* System

Statistics
Scanned:

* Files: 48865
* System: 3463
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.6.8511, 2009-02-04
* F-Secure AVP: 7.0.171, 2009-02-04
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
  • 0


#26
Graye

Graye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
You were quite right in cautioning me toward patience, as that took significantly longer than I had anticipated. Still, it seems to have resolved yet another malware issue I was unaware of.
I did check OTScanIt2 after the scan was complete, however, I am sorry to report that nothing has changed. The gray selection boxes are still devoid of text.
  • 0

#27
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts

You were quite right in cautioning me toward patience, as that took significantly longer than I had anticipated. Still, it seems to have resolved yet another malware issue I was unaware of.
I did check OTScanIt2 after the scan was complete, however, I am sorry to report that nothing has changed. The gray selection boxes are still devoid of text.

Never mind the program. You seem to have two Antivirus, McAfee and AVG. Having more than one antivirus will make your computer slow and unstable. In your position I would remove both and install AVAST. It won't slow down the computer. If you have a problem removing or installing these programs let me know. Let's do some housekeeping:

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

Create a Restore point (If the above process fails to do so):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one by Miekiemoes.

Keep me posted.
  • 0

#28
Graye

Graye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you so very much, I truly owe you. Your aid has been invaluable in every degree.
The computer is running faster and with greater efficiency than ever before. What is more, there no longer appear to be any problems with its day-to-day operations.
Again, thank you.
  • 0

#29
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Best wishes!
  • 0

#30
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





