
[Resolved] HijackThis log... computer keeps freezing up and running


  • This topic is locked
12 replies to this topic

#1 meme3160

    Authentic Member
  • 48 posts

Posted 19 June 2009 - 02:36 PM

My computer, an Inspiron 600m, keeps freezing up and running slow. Can someone please help me...

Below is my HijackThis log... can someone review it please and tell me what I need to do.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:08 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.fanbox.com
O15 - Trusted Zone: http://.maps.live.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.m...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182704509518
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...508/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9354 bytes

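The log above is what the forum helpers read by hand. As an added example (not part of this thread and not HijackThis's own code), the Python below parses the R/O entry format of a HijackThis 2.x log and flags the entry classes a helper looks at first: entries whose target is "(no file)", O15 Trusted Zone additions, O16 downloaded controls with no recorded source URL, O23 services with no vendor string, and O4 Run entries that launch from outside Program Files or the Windows directory. SAMPLE_LOG is constructed: most lines mirror entries from the posted log, while the O4 line launching from a Temp folder is invented to exercise that rule and does not appear in the posted log. The flag names and the rules are this example's own heuristics, not anything HijackThis reports.

```python
"""Triage a HijackThis 2.x log by parsing its R/O entries and flagging the
ones a malware-removal helper reads first.

Added example for this thread; not HijackThis output and not part of the
original post. SAMPLE_LOG is constructed: most lines mirror entry types from
the posted log, and the O4 line that runs from a Temp directory is invented
to exercise the rule (it is not in the posted log).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# "R1 - ..." / "O23 - ..." ; anything else (headers, process list) is skipped.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")

# Autostart binaries on an XP box are expected under these roots; an O4 Run
# entry pointing anywhere else (profile, Temp, C:\ root) gets a closer look.
EXPECTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")

# Constructed sample (see module docstring); the [updater] O4 line is invented.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O15 - Trusted Zone: www.fanbox.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O24 - Desktop Component 0: (no name) - (no file)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O2"
    reason: str   # heuristic that fired
    line: str     # the original log line


def _run_target(body: str) -> Optional[str]:
    """Executable named by an O4 entry: text after the [name] tag up to .exe."""
    m = re.search(r'\]\s*"?(.+?\.exe)', body, re.IGNORECASE)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (entry, rule) pair; entries that trip no rule are silent."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        fields = [f.strip() for f in body.split(" - ")]

        # Registry entry whose target is gone: dead weight, not proof of infection.
        if "(no file)" in body:
            findings.append(Finding(section, "orphan", line))

        if section == "O15":
            # Sites in IE's Trusted zone run with relaxed security settings.
            findings.append(Finding(section, "trusted_zone", line))
        elif section == "O16" and not re.search(r"https?://", body, re.IGNORECASE):
            # Downloaded ActiveX control with no recorded source URL.
            findings.append(Finding(section, "dpf_no_source", line))
        elif section == "O23" and len(fields) >= 3 and fields[-2].lower() == "unknown owner":
            # Service binary without a vendor string: hash it and look it up.
            findings.append(Finding(section, "unknown_owner_service", line))
        elif section == "O4":
            target = _run_target(body)
            if target and not target.lower().startswith(EXPECTED_ROOTS):
                findings.append(Finding(section, "run_outside_program_dirs", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, e.g. {'orphan': 2, 'trusted_zone': 2, ...}."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<26} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Every flag is a prompt to look, not a verdict, which is why the script reports and never deletes: "(no file)" entries are stale registry references that usually only add clutter, and a service reported as "Unknown owner" may simply lack a vendor string in its binary, as OEM utilities often do. Run it on a full log by passing the file contents to triage() instead of SAMPLE_LOG.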


#2 CatByte

    Classroom Administrator
  • 21,060 posts
  • MVP

Posted 20 June 2009 - 07:35 AM

Hi and Welcome,

NOTE:
  • Malware removal is NOT instantaneous.
  • Most infections require more than one round to properly eradicate.
  • Absence of symptoms does not always mean the job is complete.
  • You can be certain that I will advise you when the computer is clean.
  • Kindly follow my instructions in the order posted.
  • Please resist the urge to run further scans or fix items on your own without my direction.



Please do the following:

STEP #1

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt



STEP #2


Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Please describe how your computer is behaving at the moment, listing any symptoms and problems that you are experiencing.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 meme3160

    Authentic Member
  • 48 posts

Posted 20 June 2009 - 11:18 AM

Computer is still running very, very slow and freezing up some...

DDS (Ver_09-05-14.01) - NTFSx86
Run by Moira at 9:48:51.19 on Sat 06/20/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.154 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\Moira\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: fanbox.com\www
Trusted Zone: internet
Trusted Zone: live.com\.maps
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: turbotax.com
Trusted Zone: windowsupdate.com\download
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3234504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/a/0/0/a0043c6c-8cd6-428e-9c9e-01883020f5ce/mpg4dmo.CAB
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/47.12/uploader2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://amiuptodate.mcafee.com/vsc/bin/1,0,1,0/McUpdatePortal.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182704509518
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125}
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5508/mcfscan.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-15 201320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-15 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-15 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-15 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-15 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-15 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-15 40488]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2005-9-30 92550]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-15 33832]

=============== Created Last 30 ================

2009-06-19 16:25 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 16:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-18 18:56 3,280 a------- c:\windows\system32\wbem\Outlook_01c9f06802b8fd80.mof
2009-06-17 22:08 3,280 a------- c:\windows\system32\wbem\Outlook_01c9efb9acaca890.mof
2009-06-17 09:55 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-15 17:34 9,245 a------- c:\windows\system32\Config.MPF
2009-06-15 17:30 143,360 a------- c:\windows\system32\dunzip32.dll
2009-06-15 17:22 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-15 17:22 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-15 17:22 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-15 17:22 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-15 17:22 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-06-15 17:21 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-15 17:20 <DIR> --d----- c:\program files\McAfee.com
2009-06-15 17:20 <DIR> --d----- c:\program files\common files\McAfee
2009-06-15 17:19 <DIR> --d----- c:\program files\McAfee
2009-06-12 12:08 3,280 a------- c:\windows\system32\wbem\Outlook_01c9eb77fd0af380.mof
2009-05-27 16:48 3,280 a------- c:\windows\system32\wbem\Outlook_01c9df0c77a85590.mof
2009-05-24 09:48 3,280 a------- c:\windows\system32\wbem\Outlook_01c9dc764dbe00f0.mof

==================== Find3M ====================

2009-06-11 17:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-02 09:11 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-13 22:10 524,288 a------- c:\windows\opuc.dll
2007-10-05 14:26 60,968 ac------ c:\documents and settings\moira\GoToAssistDownloadHelper.exe
2006-10-23 07:42 21,290,704 ac------ c:\program files\AdbeRdr708_en_US.exe
2006-10-23 07:41 762,512 ac------ c:\program files\ytb612_efgsip.exe

============= FINISH: 9:51:21.54 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2007 4:14:42 PM
System Uptime: 6/20/2009 9:16:38 AM (0 hours ago)

Motherboard: Dell Computer Corporation | |
Processor: Intel® Pentium® M processor 1.60GHz | Microprocessor | 598/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 38.326 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_03\4&39A85202&0&00F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_03\4&39A85202&0&00F0
Service:

Class GUID:
Description:
Device ID: ROOT\LEGACY_LAVASOFT_AD-AWARE_SERVICE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_LAVASOFT_AD-AWARE_SERVICE\0000
Service:

==== System Restore Points ===================

RP145: 6/17/2009 5:14:40 PM - Software Distribution Service 3.0
RP146: 6/17/2009 5:56:45 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP147: 6/18/2009 7:20:02 PM - System Checkpoint
RP148: 6/19/2009 6:18:30 AM - Software Distribution Service 3.0

==== Installed Programs ======================


2600_Help
2600Trb
2700
Ad-Aware
Adobe Flash Player 10 ActiveX
AiO_Scan
AiOSoftware
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BlackBerry Desktop Manager
Bonjour
Broadcom 440x 10/100 Integrated Controller
BufferChm
C-Major Audio
CCScore
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant D480 MDC V.92 Modem
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Dell ResourceCD
Dell Wireless WLAN Card
Destinations
Director
DocProc
DocumentViewer
EphPod
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
Fax
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HLPIndex
HLPSFO
Hotfix for Windows XP (KB915800-v4)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Update
HPODiscovery
HPSystemDiagnostics
InstantShare
Intel® PROSet/Wireless Software
Jasc Paint Shop Photo Album
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
Macromedia Shockwave Player
McAfee SecurityCenter
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN Messenger 7.5
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mToolkit
mWlsSafe
mWMI
mXML
mZConfig
Notifier
O2Micro Smartcard Driver
OfotoXMI
OTtBP
OTtBPSDK
Overland
PhotoGallery
PowerDVD 5.1
PrintScreen
ProductContext
QFolder
Quicken 2007
QuickProjects
QuickTime
Readme
Revo Uninstaller 1.83
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SFR
SHASTA
SKIN0001
SkinsHP1
SKINXSDK
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
System Requirements Lab
TrayApp
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Unload
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Driver
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebEx Support Manager for Internet Explorer
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WIRELESS
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/19/2009 9:17:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McNASvc service.
6/19/2009 3:34:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
6/19/2009 3:34:22 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/19/2009 10:07:10 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/19/2009 1:28:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/19/2009 1:18:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
6/19/2009 1:17:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/19/2009 1:17:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
6/19/2009 1:17:04 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2009 1:17:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2009 1:17:04 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2009 1:17:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2009 1:17:04 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/19/2009 1:16:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/17/2009 9:04:39 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/17/2009 5:58:15 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 6 time(s).
6/17/2009 5:57:51 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 5 time(s).
6/17/2009 5:08:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000011E' while processing the file 'Microsoft .. k 2003.lnk' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/17/2009 5:02:24 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 4 time(s).
6/17/2009 5:01:55 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 3 time(s).
6/17/2009 5:01:29 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 2 time(s).
6/16/2009 4:52:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
6/16/2009 4:52:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
6/16/2009 4:52:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
6/16/2009 1:57:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 000E35CADCDD has been denied by the DHCP server 10.71.0.1 (The DHCP Server sent a DHCPNACK message).
6/14/2009 8:03:34 PM, error: MSFWDrv [9] -
6/14/2009 8:01:26 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000E35CADCDD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/14/2009 12:02:40 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
6/14/2009 12:01:32 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/14/2009 11:59:42 AM, error: Service Control Manager [7000] - The Kodak DCFS2K Driver service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-20 10:48:53
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF85C687E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF85C6BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF39779AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF3977958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF397796C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF3977A57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF3977A83]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF3977AF1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF3977ADB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF39779EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF3977B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF3977A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF3977930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF3977944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF39779BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF3977B59]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF3977AC5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF3977AAF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF3977A6D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF3977B45]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF3977B31]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF3977996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF3977982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF3977A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF3977B07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF3977A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF39779D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40085
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A4006A
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F90
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40FA1
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40039
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F5F
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A400A7
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40F3D
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A400CC
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A400F1
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40FB2
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40096
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40F4E
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093004E
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0093003D
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930FA5
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[280] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0093002C
.text C:\WINDOWS\system32\svchost.exe[280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920049
.text C:\WINDOWS\system32\svchost.exe[280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FBE
.text C:\WINDOWS\system32\svchost.exe[280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD9
.text C:\WINDOWS\system32\svchost.exe[280] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\svchost.exe[280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0092002E
.text C:\WINDOWS\system32\svchost.exe[280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092001D
.text C:\WINDOWS\system32\svchost.exe[280] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[280] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[280] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[280] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00910FB7
.text C:\WINDOWS\system32\svchost.exe[280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F7E
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00073
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F99
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00062
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FCA
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F5C
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F000A4
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000E1
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F000D0
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F000F2
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00047
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F6D
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00036
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\services.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000BF
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30FB9
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F3001B
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F3006C
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F3005B
.text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F30040
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20F97
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F2002C
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD7
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FC6
.text C:\WINDOWS\system32\services.exe[720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20011
.text C:\WINDOWS\system32\services.exe[720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F9B
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F6009A
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60089
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60051
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F600C8
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60F80
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F60108
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F600ED
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F54
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60062
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60014
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F600AB
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60040
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60025
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F60F6F
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FC0
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80F83
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F8001B
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F94
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80FAF
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F8002C
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70FBE
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70049
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F7001D
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70038
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F7000C
.text C:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AB008B
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AB007A
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AB0069
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AB0058
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AB0036
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AB00BC
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AB0F6A
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AB0F2A
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AB0F45
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AB00DE
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AB0047
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AB0FDB
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AB0F7B
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AB001B
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AB0FCA
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AB00CD
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00076
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B0001B
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B0005B
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B00040
.text C:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B00FC3
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF0049
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF0038
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF000C
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF0027
.text C:\WINDOWS\system32\svchost.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF0FD2
.text C:\WINDOWS\system32\svchost.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AE000A
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC009A
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0089
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0FAF
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0058
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC00B5
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F6D
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC0F48
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC00E1
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CC0F2D
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC0FD1
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC0011
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CC0F8A
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CC0047
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CC002C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CC00D0
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CB002C
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CB0F9B
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CB0011
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CB0FDB
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CB0058
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CB0047
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CB0FC0
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0F95
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0FB0
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA0016
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0FC1
.text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0FD2
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C9000A
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029F0000
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 029F0F48
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 029F0F6D
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 029F0047
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 029F0F94
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 029F0FC0
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 029F0F2D
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 029F0075
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029F00AB
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 029F009A
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 029F0F01
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 029F0FAF
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 029F0011
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 029F0058
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 029F0036
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 029F0FE5
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 029F0F1C
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 029E0FD1
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 029E0047
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 029E0022
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 029E0011
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 029E0F8A
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 029E0000
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 029E0FA5
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BE, 8A]
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 029E0FC0
.text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 029D0F81
.text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 029D0F92
.text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 029D000C
.text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 029D0FEF
.text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 029D0FB7
.text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 029D0FD2
.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B10000
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 029C0FEF
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 029C000A
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 029C0025
.text C:\WINDOWS\System32\svchost.exe[1124] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 029C004C
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00980FEF
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0098009A
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0098007F
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0098006E
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00980051
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00980FAF
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00980F6D
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009800B5
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009800EB
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00980F52
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009800FC
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00980040
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00980014
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00980F8A
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00980025
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00980FD4
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009800D0
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0097001E
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00970054
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00970FCD
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00970FDE
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00970F97
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0097002F
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00970FB2
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00960036
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00960FAB
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00960FC6
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00960000
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00960025
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00960FD7
.text C:\WINDOWS\system32\svchost.exe[1368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00950FEF
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0065
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB004A
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0039
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0F86
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0014
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0F55
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0091
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB00C2
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB0F29
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DB0F0E
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DB0F97
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB0FCA
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DB0080
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DB0FA8
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DB0F44
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DA002F
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DA0065
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DA0FDE
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DA0FA8
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DA0FB9
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FA, 88]
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DA0040
.text C:\WINDOWS\system32\svchost.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D9003B
.text C:\WINDOWS\system32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D90FB0
.text C:\WINDOWS\system32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90FD2
.text C:\WINDOWS\system32\svchost.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90FC1
.text C:\WINDOWS\system32\svchost.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90FE3
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260086
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260075
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F9B
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260058
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026003D
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600BE
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260097
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600E0
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F51
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600FB
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F76
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600CF
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0035005F
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350029
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0035003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F61
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F72
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 0038000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00380FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00380027
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01190FEF
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01680FEF
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0168005B
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01680F66
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01680F77
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01680036
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0168001B
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01680093
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01680082
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01680F26
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016800BF
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01680F0B
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01680F94
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0168000A
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01680F4B
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01680FB9
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01680FD4
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 016800AE
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01670FC3
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01670065
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01670014
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01670FDE
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01670054
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01670FEF
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01670039
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01670FB2
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01660049
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!system 77C293C7 5 Bytes JMP 0166002E
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0166001D
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01660FE3
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01660FC8
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0166000C
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 01650000
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01650FEF
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01650FBE
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 0165001B
.text C:\WINDOWS\Explorer.EXE[1588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 016C000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c657eedd
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0010c657eedd

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Moira\My Documents\Recipes\Eggs\Breakfast Pizza.doc 24064 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Eggs\Breakfast_Taco_Recipe.doc 20480 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Eggs\Sausage and Cheese Strata.doc 24576 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Bean Dishes\BLACK BEAN DIP.doc 24064 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Bean Dishes\Dominican Beans.doc 24576 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Bean Dishes\Festive Black Bean Chili.doc 24576 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\BBQ Beef Brisket 618105 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\Fajitas.doc 62464 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\Fajitas1.doc 25600 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\Meatballs.doc 24064 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\Philly Cheese Steak Sandwich recipe.htm 19920 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\Salsa.doc 41984 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\SLOPPY_JOES.doc 19968 bytes
File C:\Documents and Settings\Moira\My Documents\Recipes\Beef\Stuffed Flank Steak.doc 24576 bytes

---- EOF - GMER 1.0.15 ----
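
The user-mode hook entries above ("kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF" and so on) are the part of a GMER log that most often gets misread as rootkit activity. The script below is an added analysis example, not part of the forum post and not GMER's own code: it parses the ".text" lines, groups the hooked APIs per process, and separates the hooks that every listed process shares (the footprint of one installed product that hooks everything, typically a host intrusion prevention or antivirus component; on this machine the McAfee services in the process list are the likeliest source, although the log itself does not name one) from the per-process extras that deserve a closer look. The SAMPLE lines are copied verbatim from the log above; the baseline/outlier heuristic and every name in the code are this example's assumptions.

```python
"""Group the user-mode hooks in a GMER log by process and pull out the outliers.

Added example, not code from the forum post or from GMER. SAMPLE is copied from
the log above; the baseline/outlier heuristic and all names are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One ".text" line: process[pid] module!function address N Bytes <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^\s!]+)!(?P<func>\w+(?: \+ \d+)?)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes?\s+(?P<patch>.*)$"
)


@dataclass(frozen=True)
class Hook:
    proc: str
    pid: int
    module: str            # lower-cased DLL name
    func: str              # export name, possibly "Name + offset"
    addr: int              # patched address inside the DLL
    nbytes: int            # bytes GMER saw overwritten
    target: Optional[int]  # JMP destination; None when only raw bytes are shown


def parse_hooks(text: str) -> list:
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        jmp = re.match(r"JMP ([0-9A-F]{8})", m["patch"])
        hooks.append(Hook(m["proc"], int(m["pid"]), m["mod"].lower(), m["func"],
                          int(m["addr"], 16), int(m["n"]),
                          int(jmp.group(1), 16) if jmp else None))
    return hooks


def hooks_by_process(hooks) -> dict:
    """(proc, pid) -> set of 'module!function' names that carry a hook."""
    out = defaultdict(set)
    for h in hooks:
        out[(h.proc, h.pid)].add(f"{h.module}!{h.func.split(' + ')[0]}")
    return dict(out)


def baseline_and_outliers(hooks):
    """Baseline: APIs hooked in every listed process, the footprint of one product
    that hooks everything. Outliers: per-process hooks outside that baseline."""
    per_proc = hooks_by_process(hooks)
    baseline = set.intersection(*per_proc.values()) if per_proc else set()
    outliers = {k: sorted(v - baseline) for k, v in per_proc.items() if v - baseline}
    return baseline, outliers


def trampoline_regions(hooks) -> dict:
    """Distinct 64 KiB regions the JMPs land in, per process. GMER attributed none
    of these targets to a module, i.e. they are private allocations."""
    regions = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            regions[(h.proc, h.pid)].add(h.target >> 16)
    return {k: sorted(f"{r:04X}0000" for r in v) for k, v in regions.items()}


# Copied verbatim from the GMER log above (three of the processes, a subset of lines).
SAMPLE = r"""
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0065
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DA0FB9
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FA, 88]
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260086
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 0038000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00380FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01190FEF
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01680FEF
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0168005B
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01670039
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 01650000
.text C:\WINDOWS\Explorer.EXE[1588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 016C000A
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    base, extra = baseline_and_outliers(hooks)
    print(f"{len(hooks)} hooks; {len(base)} APIs hooked in every process: {sorted(base)}")
    for (proc, pid), names in extra.items():
        print(f"{proc}[{pid}] extra hooks: {', '.join(names)}")
    for (proc, pid), regs in trampoline_regions(hooks).items():
        print(f"{proc}[{pid}] jumps into regions {regs}")
```

To run it on a complete GMER log, read the file and hand the text to parse_hooks. The baseline/outlier split is triage, not a verdict: the uniform hooks on file, process, registry and socket APIs in every process, each jumping into a small private region per hooked DLL, are what a security product's user-mode hooking looks like, which is why this section of a GMER log on a machine running McAfee or a similar product is not by itself evidence of a rootkit. What deserves attention is the opposite pattern: a hook present in only one process, on an API the installed product has no reason to intercept, with a JMP into memory GMER cannot attribute to any module. Here the only per-process extras are the WININET hooks in iexplore.exe and Explorer.EXE, which simply reflect that svchost.exe does not load that DLL.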

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 20 June 2009 - 12:50 PM

Hi,

Please do the following:

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use the Firefox browser:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
It's normal after running ATF cleaner that the PC will be slower to boot the first time.

NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 meme3160

meme3160

    Authentic Member

  • Authentic Member
  • PipPip
  • 48 posts

Posted 20 June 2009 - 07:34 PM

Is the Kaspersky scan supposed to take forever to scan? I have tried doing it a few times and it seems to be taking forever to scan. Sometimes it even seems as if it gets to a standstill.

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 20 June 2009 - 07:35 PM

It took 3 1/2 hours on my machine and it's clean. The longest I've known it to take was 22 hours.



#7 meme3160

meme3160

    Authentic Member

  • Authentic Member
  • PipPip
  • 48 posts

Posted 22 June 2009 - 04:58 AM

Malwarebytes' Anti-Malware 1.38
Database version: 2315
Windows 5.1.2600 Service Pack 3

6/20/2009 3:45:48 PM
mbam-log-2009-06-20 (15-45-48).txt

Scan type: Quick Scan
Objects scanned: 114388
Time elapsed: 22 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\RegistryBot (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Registry Backups (Rogue.RegistryBot) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\registrybot\Log\log_2007_02_22_09_50_50.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_22_18_11_17.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_22_19_48_46.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_22_19_49_12.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_02_09_30.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_02_14_23.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_07_28_07.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_07_39_27.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_13_11_06.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_13_43_06.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\Log\log_2007_02_23_20_46_27.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\registry backups\2007-02-09_15-17-36.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\registry backups\2007-02-13_16-52-14.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully.
c:\program files\registrybot\registry backups\2007-02-15_16-04-40.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, June 21, 2009 13:11:33
Records in database: 2373768
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 102973
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 14:39:31

No malware has been detected. The scan area is clean.

The selected area was scanned.

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 22 June 2009 - 05:08 AM

Please post a fresh HJT log and advise how your computer is running now.



#9 meme3160

meme3160

    Authentic Member

  • Authentic Member
  • PipPip
  • 48 posts

Posted 22 June 2009 - 06:35 AM

My laptop is running a bit better. Below is the latest hijackthis log.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:50 AM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger(2)\YahooMessenger.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.fanbox.com
O15 - Trusted Zone: http://.maps.live.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.m...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182704509518
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...508/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9238 bytes
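
The HijackThis log above is short enough to read by hand, but the entry types a cleanup reply concentrates on (O2 BHOs whose DLL no longer exists, O15 Trusted Zone entries, O16 ActiveX download records, O23 services without a recognised publisher) are the same on every log, so they are worth scripting. The script below is an added triage example, not part of the thread and not HijackThis's own code. The SAMPLE lines are copied verbatim from the log above; the keep-list of trusted-zone domains, the flagging rules and all names are this example's assumptions, and what it returns is a list for review, not a list of things to delete.

```python
"""Triage a HijackThis 2.x log for the entry kinds a cleanup reply looks at.

Added example, not part of the thread or of HijackThis. SAMPLE is copied from
the log above; the keep-list and every flagging rule are assumptions, and the
result is a review list, not a delete list.
"""
import re
from collections import defaultdict

# Domains a security or update vendor legitimately places in the Trusted Zone
# (assumption for this example; adjust to what is actually installed).
TRUSTED_ZONE_KEEP = {"mcafee.com", "windowsupdate.com"}

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*(?:\((?P<name>[^)]*)\))?\s*-\s*(?P<url>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def base_domain(entry: str) -> str:
    """'http://*.turbotax.com' -> 'turbotax.com'; 'http://.maps.live.com' -> 'live.com'."""
    host = entry.split("://", 1)[-1].rstrip("/")
    labels = [lab for lab in host.split(".") if lab and lab != "*"]
    return ".".join(labels[-2:])


def triage(log_text: str, keep=TRUSTED_ZONE_KEEP) -> dict:
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if kind == "O2":                         # Browser Helper Objects
            b = BHO_RE.match(body)
            if b and b["path"] == "(no file)":   # CLSID still registered, DLL gone
                findings["orphan_bho"].append(b["clsid"])
        elif kind == "O15" and body.startswith("Trusted Zone: "):
            entry = body[len("Trusted Zone: "):].strip()
            host = entry.split("://", 1)[-1]
            reasons = []
            if host.startswith("."):
                reasons.append("malformed host (leading dot)")
            if base_domain(entry) not in keep:
                reasons.append("wildcard covers a whole domain" if "*" in host
                               else "not on keep-list")
            if reasons:
                findings["trusted_zone"].append((entry, reasons))
        elif kind == "O16":                      # ActiveX download entries
            d = DPF_RE.match(body)
            if d and (not d["name"] or not d["url"]):
                findings["activex_review"].append(d["clsid"])
        elif kind == "O23":                      # services
            s = SVC_RE.match(body)
            if s and s["owner"] == "Unknown owner":
                findings["unknown_owner_service"].append(s["name"])
    return dict(findings)


# Copied verbatim from the HijackThis log above (a subset of lines).
SAMPLE = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: www.fanbox.com
O15 - Trusted Zone: http://.maps.live.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...ploader_v10.cab
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category)
        for item in items:
            print("   ", item)
```

On this sample the three Trusted Zone hits (www.fanbox.com, the malformed http://.maps.live.com and the wildcard http://*.turbotax.com) and the three orphaned BHOs are exactly the entries the next reply asks to have fixed, while the McAfee and Windows Update zone entries pass because they are on the keep-list. The O16 and O23 hits are review items only: an ActiveX record with no friendly name or no download URL tells you nothing about where it came from, and "Unknown owner" just means HijackThis found no company string in the file's version information (WLTRYSVC.EXE is the Dell wireless tray service, a normal OEM component on this laptop).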

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 22 June 2009 - 08:39 AM

Hi,

Your log is clean, just some minor housekeeping to take care of now.

Please do the following:

  • Open HijackThis.
  • Click Do a System Scan Only.
  • Put a checkmark in the box on the left side of these entries only:

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O15 - Trusted Zone: www.fanbox.com
    O15 - Trusted Zone: http://.maps.live.com
    O15 - Trusted Zone: http://*.turbotax.com
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...ploader_v10.cab

  • Close ALL windows and browsers except HijackThis and click "Fix checked"
  • Exit HijackThis

NEXT

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(Version 6 update 14)

NEXT

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type (or copy and paste)

cleanmgr

Press OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here
  • For Firefox, I highly recommend this additional add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Please read these useful guides:
    • How did I get infected in the first place?
    • PC Safety and Security--What Do I Need?
    • miekiemoes' Prevention topic.


Thank you for your patience, and performing all of the procedures requested.

Please respond to this thread one more time so we can mark this thread as resolved.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
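The HOSTS-file item in the recommendations above describes a blocking file that maps unwanted names to 127.0.0.1. The following is an added example, not code from the thread or from the MVPS project: a small parser that reads a HOSTS file in the Windows layout, lists which names it sinkholes, flags malformed or duplicate lines, and answers whether a given name would be blocked. The sample file contents, hostnames and addresses are constructed for illustration; 0.0.0.0 is accepted as a sinkhole address alongside 127.0.0.1 because later blocking lists commonly use it.

```python
"""
Parse a Windows-style HOSTS file and report which hostnames it sinkholes.

Added example (not from the thread or the MVPS project); the sample HOSTS
content below is constructed for illustration.
"""
import ipaddress
from collections import Counter

# Addresses a blocking HOSTS file maps unwanted names to. The MVPS file
# discussed in the thread uses 127.0.0.1; 0.0.0.0 is the other common choice.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample, in the same layout a real HOSTS file uses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1  ads.example-tracker.test   # constructed ad host
127.0.0.1  www.malware-dropper.test
0.0.0.0    banner.example-tracker.test
192.0.2.10 intranet.example.test      # a real mapping, not a block
not-an-ip  broken.entry.test
127.0.0.1  ads.example-tracker.test   # duplicate of an earlier line
"""


def parse_hosts(text):
    """Return (entries, problems).

    entries:  list of (ip, hostname) tuples for every well-formed mapping,
              in file order (a host may appear more than once).
    problems: human-readable strings for lines that do not parse.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            problems.append(f"line {lineno}: no hostname after address")
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append(f"line {lineno}: {fields[0]!r} is not an IP address")
            continue
        for host in fields[1:]:            # one address may list several names
            entries.append((str(ip), host.lower()))
    return entries, problems


def audit_hosts(text):
    """Summarise a HOSTS file from a defender's point of view."""
    entries, problems = parse_hosts(text)
    blocked = {h for ip, h in entries if ip in SINKHOLES and h != "localhost"}
    # Names sent somewhere other than a sinkhole deserve a second look:
    # a malicious HOSTS edit is the same technique used for redirection.
    redirected = {h: ip for ip, h in entries if ip not in SINKHOLES}
    dupes = [h for h, n in Counter(h for _, h in entries).items() if n > 1]
    return {
        "blocked": sorted(blocked),
        "redirected": redirected,
        "duplicates": sorted(dupes),
        "problems": problems,
    }


def is_blocked(hostname, text):
    """True if resolving `hostname` via this HOSTS file would hit a sinkhole."""
    entries, _ = parse_hosts(text)
    # Assume the first matching line wins, as resolvers generally do.
    for ip, host in entries:
        if host == hostname.lower():
            return ip in SINKHOLES
    return False


if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
    print("ads.example-tracker.test blocked?",
          is_blocked("ads.example-tracker.test", SAMPLE_HOSTS))
```

Run it against a real file by reading `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts`; the `redirected` section is the part worth reviewing on a machine suspected of infection, since a HOSTS file can redirect names to an attacker-chosen address just as easily as it sinkholes them.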


#11 meme3160 (Authentic Member, 48 posts)

Posted 23 June 2009 - 07:49 AM

Still running somewhat slow. The IE seems as if it freezes up some when I open it up or try to search for something. Thanks

#12 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 23 June 2009 - 08:14 AM

Hi,

Well, it isn't malware related. You might want to consider posting a new topic in our WINDOWS forum and see if the techs can figure out why it is 'freezing'; there may be a setting that needs adjusting.

Link back to this topic, so they can see you are clean of malware

good luck

CB



#13 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 26 June 2009 - 05:12 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
