WiredWX Hobby Weather Tools

 


Message on my computer: Windows Security Alert :Infiltration Alert Threat

3 posters

Page 4

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

.text C:\Windows\system32\SearchProtocolHost.exe[2536] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[2536] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2548] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] kernel32.dll!CreateThread + 1A 76B246E2 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] kernel32.dll!CreateThread + 1A 76B246E2 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2724] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 00FE00A5
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00FE0094
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 00FE00D1
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00FE0F3B
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 00FE005E
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00FE0FC3
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 00FE0F90
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 00FE0FB2
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00FE006F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 00FE0FA1
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00FE002F
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 00FE0F60
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 00FE0F20
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00FE0FE5
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00FE0FD4
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00FE00B6
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00FD0F92
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!system 76A88B63 5 Bytes JMP 00FD0FA3
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00FD0FC8
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00FD001D
.text C:\Windows\system32\svchost.exe[2740] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00FD0FE3
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00FC0080
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00FC0FD4
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00FC0000
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 00FC005B
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00FC0091
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00FC0FEF
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00FC0025
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00FC004A
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2740] WS2_32.dll!socket 778136D1 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\rundll32.exe[2788] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

.text C:\Windows\System32\rundll32.exe[2788] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetStartupInfoW 76AE1929 5 Bytes JMP 001700C4
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetStartupInfoA 76AE19C9 5 Bytes JMP 00170F7F
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateProcessW 76AE1C01 5 Bytes JMP 001700DF
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateProcessA 76AE1C36 5 Bytes JMP 00170F49
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!VirtualProtect 76AE1DD1 5 Bytes JMP 0017007D
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateNamedPipeW 76AE5C44 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryW 76B0361F 5 Bytes JMP 0017004A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!VirtualProtectEx 76B08D7E 5 Bytes JMP 00170098
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExA 76B09469 5 Bytes JMP 0017005B
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!LoadLibraryA 76B09491 5 Bytes JMP 00170FB9
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreatePipe 76B10284 5 Bytes JMP 001700A9
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!GetProcAddress 76B2B8B6 5 Bytes JMP 001700F0
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateFileW 76B2CC4E 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateFileA 76B2CF71 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!CreateNamedPipeA 76B7430E 5 Bytes JMP 00170025
.text C:\Windows\System32\svchost.exe[2816] kernel32.dll!WinExec 76B754FF 5 Bytes JMP 00170F5A
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wsystem 76A88A47 5 Bytes JMP 00160FA8
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!system 76A88B63 5 Bytes JMP 00160FC3
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_creat 76A8C6F1 5 Bytes JMP 00160FDE
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_open 76A8DA7E 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wcreat 76A8DC9E 5 Bytes JMP 00160033
.text C:\Windows\System32\svchost.exe[2816] msvcrt.dll!_wopen 76A8DE79 5 Bytes JMP 00160018
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyExA 75E6B5E7 5 Bytes JMP 00150FCD
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyA 75E6B8AE 5 Bytes JMP 00150054
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyA 75E70BF5 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyW 75E7B83D 5 Bytes JMP 0015006F
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegCreateKeyExW 75E7BCE1 5 Bytes JMP 00150080
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyExA 75E7D4E8 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyW 75E83CB0 5 Bytes JMP 00150025
.text C:\Windows\System32\svchost.exe[2816] ADVAPI32.dll!RegOpenKeyExW 75E8F09D 5 Bytes JMP 00150FDE
.text C:\Windows\System32\svchost.exe[2816] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2816] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2816] WS2_32.dll!socket 778136D1 5 Bytes JMP 00200FEF
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchIndexer.exe[2872] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[2940] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[2940] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[2940] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2984] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[3064] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[3116] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[3140] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Windows\System32\rundll32.exe[3140] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3152] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Users\Cokey&Elisha\Desktop\iuhjiqfh.exe[3352] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\hp\KBD\kbd.exe[3620] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\hp\KBD\kbd.exe[3620] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\hp\support\hpsysdrv.exe[3732] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\hp\support\hpsysdrv.exe[3732] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3812] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Program Files\iPod\bin\iPodService.exe[4224] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[4224] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[4224] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4416] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4736] KERNEL32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4736] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4736] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5504] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5504] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5504] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetForegroundWindow 7786B5F5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowPos 778721FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowPos + 4 77872202 2 Bytes [12, 5F]
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!ChangeDisplaySettingsExA 778913E2 6 Bytes JMP 5F140F5A
.text C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe[5576] USER32.dll!ChangeDisplaySettingsExW 778AA981 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\SearchFilterHost.exe[5720] kernel32.dll!LoadLibraryExW 76B030C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchFilterHost.exe[5720] USER32.dll!SetWindowsHookExW 77867B69 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchFilterHost.exe[5720] USER32.dll!SetWindowsHookExA 7788BB0E 6 Bytes JMP 5F040F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745B7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745F98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745BD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745AF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745B7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745AE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745EB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745BD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745B012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745B0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745A71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7463D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745D75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745ADAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745A668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745A66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745B1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2724] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2724] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

The file was too big, so I sent the scan results in 20 separate messages as copied from the Word document I saved it on.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 24, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 24, 2009 14:15:28
Records in database: 2525759
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 187657
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:26:30

No malware has been detected. The scan area is clean.

The selected area was scanned.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Please download SysProt AntiRootkit v1.0.1.0 by Swatkat

  • Next, run the file. Note: If running Vista, right-click and select Run as administrator.
  • Once opened, navigate to the Log tab, select all the areas, including the Hidden Objects Only box, and click on the Create Log button.
  • A scan will start and then a window will pop up with two options; select Scan all drives.
  • Once finished, it will give you a location where it was saved. Navigate to that place, usually the desktop, open the log, and post all the contents of the log back here.

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8E04F000
Module End: 8E059000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8E059000
Module End: 8E076000
Hidden: Yes

Module Name: \??\C:\Windows\system32\Drivers\mchInjDrv.sys
Service Name: ---
Module Base: 9EF3E000
Module End: 9EF3F000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateProcess
Address: 807DA282
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateProcessEx
Address: 807DA474
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwTerminateProcess
Address: 807D9F32
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

Function Name: ZwCreateUserProcess
Address: 807DA67C
Driver Base: 807D3000
Driver End: 807F6000
Driver Name: \SystemRoot\system32\drivers\PCTCore.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 8286E18C
Jump To: 8C9DB9EE
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 82A6BD75
Jump To: 8C9DBA18
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetInformationProcess
At Address: 82A7B644
Jump To: 8C9DB99C
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwSetContextThread
At Address: 82ADBC7B
Jump To: 8C9DB9B0
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwRestoreKey
At Address: 82A9C402
Jump To: 8C9DBA59
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwReplaceKey
At Address: 82A9D44E
Jump To: 8C9DBA6D
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory
At Address: 82A7D89E
Jump To: 8C9DB9D8
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenThread
At Address: 82A491CA
Jump To: 8C9DB948
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenProcess
At Address: 82A58B06
Jump To: 8C9DB934
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwNotifyChangeKey
At Address: 82A0817C
Jump To: 8C9DBA45
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 82A6B71E
Jump To: 8C9DBA02
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile
At Address: 82A6DF86
Jump To: 8C9DB9C4
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: PsSetContextThread
At Address: 82ADBC7B
Jump To: 8C9DB9B0
Module Name: C:\Windows\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Hello.
This looks fine. What problems remain?

Re: Message on my computer: Windows Security Alert :Infiltration Alert Threat

Everything seems to be working really well now. I greatly appreciate all the efforts made on my behalf.
EElias1211
