IE Yahoo redirects and other annoyances


This topic is locked. 22 replies to this topic.

#1 wojjo58 (Members, 22 posts)

Posted 05 September 2010 - 10:12 AM

I have moved this subject here from

http://www.bleepingcomputer.com/forums/topic344435.html

per cryptodan's request. I also performed:

1) DeFogger (I have not gone back and re-enabled the CD drivers)
2) Ran DDS
3) Ran GMER (it gave me some trouble; I unchecked "files" because it would run for over 12 hours)

Summarizing my problems from my previous post:

1) IE8 re-directs
2) IE8 popups
3) Windows Update gives 404 error
4) Ad-Aware or McAfee telling me it's blocked svchost from connecting to a malicious site
5) McAfee telling me it's removed a trojan



DDS log and attach

DDS (Ver_10-03-17.01) - NTFSx86
Run by WojoDad at 8:35:12.78 on Sun 09/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2076 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\java.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-23 64288]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [2007-2-8 5543]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-19 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-19 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-19 40552]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\drivers\lstone2k.sys --> c:\windows\system32\drivers\lstone2k.sys [?]
S3 idrmkl;idrmkl;c:\docume~1\wojodan\locals~1\temp\idrmkl.sys [2005-11-15 31744]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-19 34248]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [2007-6-2 600617]

=============== Created Last 30 ================

2010-09-05 13:34:36 0 ----a-w- c:\documents and settings\wojodad\defogger_reenable
2010-09-03 01:29:37 0 d-----w- c:\docume~1\wojodad\applic~1\SUPERAntiSpyware.com
2010-09-03 01:29:37 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-03 01:29:24 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-29 15:06:19 0 d-----w- c:\program files\Safer Networking
2010-08-28 17:56:36 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-08-28 17:55:07 19569 ----a-w- c:\windows\003172_.tmp
2010-08-28 14:58:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 14:46:21 0 d-----w- c:\program files\CCleaner
2010-08-24 03:11:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-24 02:40:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-24 02:39:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-24 02:39:06 0 d-----w- c:\program files\Lavasoft
2010-08-14 15:38:26 0 d-----w- c:\program files\Trend Micro
2010-08-14 13:49:42 0 d-----w- c:\docume~1\wojodad\applic~1\Malwarebytes
2010-08-14 13:49:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 13:49:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-14 13:49:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 13:49:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-08-31 01:32:13 68632 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-15 20:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2002-07-26 23:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2010-02-19 01:11:29 88 --sh--r- c:\windows\system32\5D90E197D6.sys
2010-02-19 01:11:29 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 8:37:05.57 ===============


GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 09:49:39
Windows 5.1.2600 Service Pack 3
Running: 6mrfzfe9.exe; Driver: C:\DOCUME~1\WojoDad\LOCALS~1\Temp\pxdirpod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5A66620]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB59A778A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB59A7738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB59A774C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB59A7837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB59A7863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB59A78D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB59A78BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB59A77CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB59A78FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB59A780D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB59A7710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB59A7724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB59A779E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB59A7939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB59A78A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB59A788F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB59A784D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB59A7925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB59A7911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB59A7776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB59A7762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB59A77F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB59A78E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB59A77E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB59A77B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP B59A77B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B59A778E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP B59A77CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP B59A77E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP B59A77A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP B59A7714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP B59A7728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP B59A7766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B59A7750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP B59A773C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP B59A777A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP B59A77FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP B59A7893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 7 Bytes JMP B59A78EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP B59A78A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP B59A7851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP B59A783B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP B59A7867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP B59A78D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP B59A78BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP B59A7811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP B59A793D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP B59A7915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP B59A7929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP B59A7901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D7F360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00050F72
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00050F83
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00050F94
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00050047
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00050025
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0005009F
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00050F57
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00050F17
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000500BA
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000500CB
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00050036
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00050FD4
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00050082
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00050FC3
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00050014
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00050F3C
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00040011
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0004005F
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0004004E
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0004003D
.text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00040022
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB005F
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB004E
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB000C
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0033
.text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\services.exe[948] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[948] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[948] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[948] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[948] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40F6E
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40F7F
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40F90
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40FA1
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40039
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F42
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E4007E
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F1D
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E400B6
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E400D1
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40FB2
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40014
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40F53
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40FCD
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E400A5
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30F97
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30FB2
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E3004A
.text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010E0FB9
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!system 77C293C7 5 Bytes JMP 010E003A
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010E0029
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010E000C
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010E0FD4
.text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\lsass.exe[960] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\lsass.exe[960] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\lsass.exe[960] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E50FDE
.text C:\WINDOWS\system32\lsass.exe[960] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E50FC3
.text C:\WINDOWS\system32\lsass.exe[960] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E50FA8
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02480FEF
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02480F8A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0248007F
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02480FA5
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02480058
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02480047
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024800BC
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024800AB
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02480F2D
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02480F3E
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02480F1C
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02480FB6
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02480000
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02480090
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02480036
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02480011
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02480F4F
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02460047
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0246008E
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0246002C
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02460011
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0246007D
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02460000
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02460FDB
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [66, 8A]
.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02460062
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02530062
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 02530047
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02530011
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02530000
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0253002C
.text C:\WINDOWS\system32\svchost.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02530FE3
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0251000A
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02510FEF
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02510FD4
.text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02510025
.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02520FEF
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F70
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0F81
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB005B
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0F9E
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FB9
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB0F38
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0F49
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB0F1D
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00AC
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB0F0C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0040
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0011
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0080
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FCA
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0FDB
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0091
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0025
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA006C
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA000A
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA0FD4
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA0051
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FA0040
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0FB9
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0044
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0029
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0018
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FC0011
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FC0FD1
.text C:\WINDOWS\system32\svchost.exe[1332] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FC002C
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025E0FEF
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025E0F86
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025E007B
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025E0054
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025E0F97
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025E0FC3
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025E0F69
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025E00B1
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025E00CC
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025E0F33
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025E0F22
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025E0FB2
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025E0014
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025E00A0
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025E0FD4
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025E0025
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025E0F44
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 025D0FCA
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 025D0FAF
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 025D0FE5
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 025D001B
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 025D0062
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 025D0000
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 025D0051
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 025D0036
.text C:\WINDOWS\System32\svchost.exe[1432] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 025C0047
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 025C0036
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 025C0FCD
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 025C0FEF
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 025C0FBC
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 025C0FDE
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 025A0000
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 025A0FDB
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 025A0011
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 025A002C
.text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 025B0FEF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C9004A
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F55
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90F70
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90F97
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90039
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C9006C
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C90F24
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C900AC
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C90F09
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C90EF8
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90FB2
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C9005B
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C90FCD
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C90087
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C80F9E
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80F61
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80FAF
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80FD4
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C80F72
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C80014
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C80F8D
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70FA1
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70FB2
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70022
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70FCD
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70FDE
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001B0FDB
.text C:\WINDOWS\system32\svchost.exe[1632] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D100A4
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10093
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10076
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D100C9
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10F81
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F44
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F55
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D100EE
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10F9E
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D10040
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D10F70
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FCD
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0054
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD001E
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F97
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0039
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FB2
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0022
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0F97
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FC3
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA00B5
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA009A
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA007D
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA006C
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA005B
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA00E1
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA00D0
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA00FC
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F63
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA0F48
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0FCA
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA0FA5
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA0040
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA0025
.text C:\WINDOWS\system32\svchost.exe[2604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA0F7E
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50036
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50FAF
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D5001B
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D5006C
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D50FCA
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F5, 88]
.text C:\WINDOWS\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D5005B
.text C:\WINDOWS\system32\svchost.exe[2604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D4006E
.text C:\WINDOWS\system32\svchost.exe[2604] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40053
.text C:\WINDOWS\system32\svchost.exe[2604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40FE3
.text C:\WINDOWS\system32\svchost.exe[2604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[2604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40038
.text C:\WINDOWS\system32\svchost.exe[2604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D40011
.text C:\WINDOWS\system32\svchost.exe[2604] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\system32\svchost.exe[2604] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[2604] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D20FD4
.text C:\WINDOWS\system32\svchost.exe[2604] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D20FC3
.text C:\WINDOWS\system32\svchost.exe[2604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E8006C
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80040
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80F83
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80F3F
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80087
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80F1A
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800A9
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E80EF5
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80F94
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E80F5C
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E8000A
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80FC3
.text C:\WINDOWS\system32\svchost.exe[2676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E80098
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E70040
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E70FAF
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E7001B
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E70FCA
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E7006C
.text C:\WINDOWS\system32\svchost.exe[2676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E7005B
.text C:\WINDOWS\system32\svchost.exe[2676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E60FC3
.text C:\WINDOWS\system32\svchost.exe[2676] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E60FD4
.text C:\WINDOWS\system32\svchost.exe[2676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E60029
.text C:\WINDOWS\system32\svchost.exe[2676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\svchost.exe[2676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E60044
.text C:\WINDOWS\system32\svchost.exe[2676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E60018
.text C:\WINDOWS\system32\svchost.exe[2676] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[2676] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E50FDE
.text C:\WINDOWS\system32\svchost.exe[2676] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E50014
.text C:\WINDOWS\system32\svchost.exe[2676] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E50FCD
.text C:\WINDOWS\Explorer.EXE[2736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[2736] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F200A2
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F20FAD
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F20087
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F2005B
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F200EB
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F200CE
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F2010D
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F200FC
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F20F63
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F2006C
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F2000A
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F200B3
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F20036
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F20025
.text C:\WINDOWS\Explorer.EXE[2736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F20F88
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F1002C
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F10062
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F1001B
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F1000A
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F10FA5
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F10FB6
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [11, 89]
.text C:\WINDOWS\Explorer.EXE[2736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F1003D
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F00058
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F00047
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F00FD7
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F00000
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F0002C
.text C:\WINDOWS\Explorer.EXE[2736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F00011
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D60000
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\Explorer.EXE[2736] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D60025
.text C:\WINDOWS\Explorer.EXE[2736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01600FE5
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01600F65
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01600064
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01600047
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01600036
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01600FA5
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01600F1C
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01600F37
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0160009D
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01600EFA
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01600EE9
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01600F94
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01600000
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01600F54
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01600FCA
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01600011
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01600F0B
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 015F002C
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 015F007D
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 015F0FE5
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 015F001B
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 015F0062
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 015F0000
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 015F0FC0
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [7F, 89] {JG 0xffffffffffffff8b}
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 015F003D
.text C:\WINDOWS\system32\svchost.exe[2952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 015E005F
.text C:\WINDOWS\system32\svchost.exe[2952] msvcrt.dll!system 77C293C7 5 Bytes JMP 015E0044
.text C:\WINDOWS\system32\svchost.exe[2952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 015E0029
.text C:\WINDOWS\system32\svchost.exe[2952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 015E0000
.text C:\WINDOWS\system32\svchost.exe[2952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 015E0FD4
.text C:\WINDOWS\system32\svchost.exe[2952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 015E0FEF
.text C:\WINDOWS\system32\svchost.exe[2952] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 015C0FEF
.text C:\WINDOWS\system32\svchost.exe[2952] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 015C0014
.text C:\WINDOWS\system32\svchost.exe[2952] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 015C002F
.text C:\WINDOWS\system32\svchost.exe[2952] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 015C0040
.text C:\WINDOWS\system32\svchost.exe[2952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015D0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\wuauclt.exe[3124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\wuauclt.exe[3124] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02DF000A
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02DF008C
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02DF0F97
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02DF0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02DF005B
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02DF0FC3
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02DF0F6B
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02DF00A7
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02DF00FA
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02DF00E9
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02DF0F50
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02DF004A
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02DF0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02DF0F7C
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02DF0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02DF0025
.text C:\WINDOWS\system32\wuauclt.exe[3124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02DF00CE
.text C:\WINDOWS\system32\wuauclt.exe[3124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02DD0F9C
.text C:\WINDOWS\system32\wuauclt.exe[3124] msvcrt.dll!system 77C293C7 5 Bytes JMP 02DD0027
.text C:\WINDOWS\system32\wuauclt.exe[3124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02DD0016
.text C:\WINDOWS\system32\wuauclt.exe[3124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02DD0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02DD0FC1
.text C:\WINDOWS\system32\wuauclt.exe[3124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02DD0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02DE0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02DE000A
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02DE0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02DE0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02DE0F4D
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02DE0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02DE0F72
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FE, 8A]
.text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02DE0F8D
.text C:\WINDOWS\system32\wuauclt.exe[3124] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02DB0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3124] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02DB000A
.text C:\WINDOWS\system32\wuauclt.exe[3124] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02DB0025
.text C:\WINDOWS\system32\wuauclt.exe[3124] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02DB0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02DC0000
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[3452] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10005230 C:\Program Files\Ideazon\ZEngine\ZESystem.dll (rscoree/Remotesoft, Inc.)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[3452] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 6305DA75 C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[3452] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 6305CBDD C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[3452] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 630019DB C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[3452] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 630019AC C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001D0000
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001D0F92
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001D0087
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001D0FAF
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001D006C
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001D0036
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001D0F66
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001D00AE
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001D0F30
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001D0F41
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001D0F0B
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001D0051
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001D0FEF
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001D0F77
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001D001B
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001D0FD4
.text C:\WINDOWS\System32\svchost.exe[3824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001D00C9
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C002C
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0F83
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C001B
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0000
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0F94
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002C0FA5
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4C, 88]
.text C:\WINDOWS\System32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FCA
.text C:\WINDOWS\System32\svchost.exe[3824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410044
.text C:\WINDOWS\System32\svchost.exe[3824] msvcrt.dll!system 77C293C7 5 Bytes JMP 00410029
.text C:\WINDOWS\System32\svchost.exe[3824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00410018
.text C:\WINDOWS\System32\svchost.exe[3824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00410FEF
.text C:\WINDOWS\System32\svchost.exe[3824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410FB9
.text C:\WINDOWS\System32\svchost.exe[3824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00410FDE
.text C:\WINDOWS\System32\svchost.exe[3824] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[3824] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0079001B
.text C:\WINDOWS\System32\svchost.exe[3824] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00790FE5
.text C:\WINDOWS\System32\svchost.exe[3824] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00790FC0
.text C:\WINDOWS\System32\svchost.exe[3824] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01060000
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01060F83
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01060F94
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0106006E
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01060FA5
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01060036
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01060093
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01060F4B
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01060F15
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01060F26
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010600C9
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01060047
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01060FE5
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01060F68
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01060FCA
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0106001B
.text C:\WINDOWS\system32\dllhost.exe[3876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010600AE
.text C:\WINDOWS\system32\dllhost.exe[3876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FA1
.text C:\WINDOWS\system32\dllhost.exe[3876] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FBC
.text C:\WINDOWS\system32\dllhost.exe[3876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0022
.text C:\WINDOWS\system32\dllhost.exe[3876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\dllhost.exe[3876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FD7
.text C:\WINDOWS\system32\dllhost.exe[3876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01050FAF
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01050051
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01050FCA
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01050FEF
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01050F9E
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01050040
.text C:\WINDOWS\system32\dllhost.exe[3876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0105001B
.text C:\WINDOWS\system32\dllhost.exe[3876] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\dllhost.exe[3876] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\dllhost.exe[3876] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FD0014
.text C:\WINDOWS\system32\dllhost.exe[3876] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\system32\dllhost.exe[3876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

---- EOF - GMER 1.0.15 ----


Thank you very much for your time on this matter

I have added a log of HijackThis for good measure. I will be going to church now....offhand, anyone know the patron saint of malware removal?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:50 AM, on 9/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13461 bytes

Merged posts. ~ OB


Edited by Orange Blossom, 05 September 2010 - 04:13 PM.
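The `.text` lines in the GMER output above are user-mode inline hooks: the first bytes of an exported function have been overwritten with a JMP to somewhere else. For some of them GMER names the module that owns the destination (for example wbocx.ocx inside Zboard.exe); for others it prints only a bare target address. The small parser below is an added example for readers of this thread, not a tool used in it: it groups those records by process and separates hooks with a named owner from JMP targets GMER left unattributed, which is what someone triaging a log like this would want to look at first. The split is an analyst heuristic layered on GMER's output, not something GMER reports itself, and the sample input is copied from the log above.

```python
"""Group GMER user-mode inline-hook records by process and separate hooks that
GMER attributes to a named module from JMP targets it leaves unattributed.

Added example for this thread, not a tool used in it.  The split into
"attributed" and "unattributed" is an analyst heuristic layered on GMER's
output; GMER itself only prints what it found.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input copied from the GMER log posted above (the "+ 3" record is the
# second half of GMER's report of a 2+2 byte patch on RegCreateKeyW).
SAMPLE_LOG = r""".text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01600EE9
.text C:\WINDOWS\system32\svchost.exe[2952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015D0FEF
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 015F0FC0
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [7F, 89] {JG 0xffffffffffffff8b}
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[3452] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 6305DA75 C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
"""

# One GMER hook record: ".text <process>[<pid>] <module>!<export>[ + N] <addr> <n> Bytes <rest>"
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<function>\S+)(?: \+ (?P<offset>\d+))? "
    r"(?P<address>[0-9A-Fa-f]{8}) (?P<length>\d+) Bytes (?P<rest>.*)$"
)
# <rest> for a JMP patch: "JMP <target>" optionally followed by "<owner path> (<description>)"
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-Fa-f]{8})(?: (?P<owner>.+))?$")


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    function: str
    offset: int             # 0 = patch at the export itself; N = GMER "+ N" continuation record
    address: int
    length: int
    target: Optional[int]   # JMP destination, None for a raw-bytes record
    owner: Optional[str]    # module path GMER names for the target, None if none printed
    kind: str               # "jmp-attributed", "jmp-unattributed" or "bytes"

    @property
    def key(self) -> str:
        return f"{self.process}[{self.pid}]"


def parse_gmer_hooks(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue                      # section headers, blank lines, non-hook records
        rest = m.group("rest")
        j = JMP_RE.match(rest)
        if j:
            target = int(j.group("target"), 16)
            owner_field = j.group("owner")
            # GMER prints "<path> (<description>)" after the target when it can
            # name the owning module; keep just the path.
            owner = owner_field.split(" (", 1)[0] if owner_field else None
            kind = "jmp-attributed" if owner else "jmp-unattributed"
        else:
            target, owner, kind = None, None, "bytes"
        hooks.append(Hook(
            process=m.group("process"),
            pid=int(m.group("pid")),
            module=m.group("module"),
            function=m.group("function"),
            offset=int(m.group("offset") or 0),
            address=int(m.group("address"), 16),
            length=int(m.group("length")),
            target=target,
            owner=owner,
            kind=kind,
        ))
    return hooks


def summarize_by_process(hooks: List[Hook]) -> Dict[str, Dict[str, int]]:
    """Count hook kinds per "<process>[<pid>]"."""
    summary: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"jmp-attributed": 0, "jmp-unattributed": 0, "bytes": 0})
    for h in hooks:
        summary[h.key][h.kind] += 1
    return dict(summary)


def unattributed_hooks(hooks: List[Hook]) -> List[Hook]:
    """JMP hooks whose target GMER could not tie to a loaded module.

    These are leads for review, not verdicts: security suites and skinning
    tools patch the same exports, and an unnamed target may simply be memory
    GMER could not map back to a module."""
    return [h for h in hooks if h.kind == "jmp-unattributed"]


if __name__ == "__main__":
    parsed = parse_gmer_hooks(SAMPLE_LOG)
    for proc, counts in summarize_by_process(parsed).items():
        print(proc, counts)
    for h in unattributed_hooks(parsed):
        print(f"  {h.key}: {h.module}!{h.function} -> {h.target:08X}")
```

Feed it the whole GMER report rather than the excerpt and the per-process table shows at a glance which processes carry hooks with a named owner and which carry only bare targets; the "bytes" continuation records are kept so a 2+2 byte split patch is not mistaken for two separate hooks.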


#2 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 September 2010 - 04:15 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 wojjo58
  • Topic Starter
  • Members
  • 22 posts

Posted 13 September 2010 - 08:16 AM

At last...a voice from the wilderness ! I thought all was lost............ :-)


Thanks Gringo....I am presently at work and will perform your requested tasks once I get home tonight. I do have a question: Last week I ran DeFogger once per cryptodan's instructions ...I didn't re-enable the drivers. Are they still disabled after multiple reboots? How could I tell?

#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 September 2010 - 03:09 PM

Hello

Just rerun it again; it will not hurt anything.


Gringo

#5 wojjo58 (Topic Starter; Members, 22 posts)

Posted 13 September 2010 - 10:03 PM

These are the logs from the DDS run:


DDS (Ver_10-03-17.01) - NTFSx86
Run by WojoDad at 22:00:20.29 on Mon 09/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2164 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Documents and Settings\WojoDad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-23 64288]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [2007-2-8 5543]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-19 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-19 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-19 40552]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\drivers\lstone2k.sys --> c:\windows\system32\drivers\lstone2k.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
S3 idrmkl;idrmkl;c:\docume~1\wojodan\locals~1\temp\idrmkl.sys [2005-11-15 31744]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-19 34248]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [2007-6-2 600617]

=============== Created Last 30 ================

2010-09-05 13:34:36 0 ----a-w- c:\documents and settings\wojodad\defogger_reenable
2010-09-03 01:29:37 0 d-----w- c:\docume~1\wojodad\applic~1\SUPERAntiSpyware.com
2010-09-03 01:29:37 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-03 01:29:24 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-29 15:06:19 0 d-----w- c:\program files\Safer Networking
2010-08-28 17:56:36 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-08-28 17:55:07 19569 ----a-w- c:\windows\003172_.tmp
2010-08-28 14:58:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 14:46:21 0 d-----w- c:\program files\CCleaner
2010-08-24 03:11:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-24 02:40:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-24 02:39:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-24 02:39:06 0 d-----w- c:\program files\Lavasoft

==================== Find3M ====================

2010-08-31 01:32:13 68632 ---ha-w- c:\windows\system32\mlfcache.dat
2002-07-26 23:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2010-02-19 01:11:29 88 --sh--r- c:\windows\system32\5D90E197D6.sys
2010-02-19 01:11:29 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:02:15.75 ===============
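
A quick triage pass over a DDS "SERVICES / DRIVERS" section, as an added example that is not part of this thread and is not DDS's own code: it parses the line format DDS prints (state, service name, display name, image path, and either a date and size or "[?]" when DDS could not find the file) and scores entries worth a second look, such as a driver image under a user temp directory, an image outside the Windows or Program Files trees, or a service whose file is missing. The sample lines are constructed from the log above; the TRUSTED_ROOTS and TEMP_MARKERS lists and the scoring weights are my assumptions, and a hit means "review this first", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the DDS "SERVICES / DRIVERS" line format, modelled on the
# log posted above. DDS prints 8.3 short paths, and "[?]" instead of a date and
# size when it cannot find the file the service points at.
SAMPLE_DDS_DRIVERS = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-23 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-19 214664]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\drivers\lstone2k.sys --> c:\windows\system32\drivers\lstone2k.sys [?]
S3 idrmkl;idrmkl;c:\docume~1\wojodan\locals~1\temp\idrmkl.sys [2005-11-15 31744]
"""

# <state> <service name>;<display name>;<image path>[ --> <resolved path>] [<date size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<target>.+?))?\s+\[(?P<stamp>[^\]]*)\]\s*$"
)

# Assumed "expected" image locations and temp-directory markers; tune per host.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\",
                "\\appdata\\local\\temp\\")


@dataclass
class DriverEntry:
    state: str    # R = running, S = stopped; digit = start type (0 boot .. 3 on demand)
    name: str
    display: str
    path: str
    stamp: str    # "YYYY-M-D size", or "?" when DDS could not stat the file


@dataclass
class Finding:
    name: str
    state: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_dds_drivers(text: str) -> list:
    """Parse the SERVICES / DRIVERS block; lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["state"], m["name"], m["display"], m["path"], m["stamp"]))
    return entries


def in_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(entries: list) -> list:
    """Score entries by where the image loads from and whether the file exists.

    Review heuristics only: a high score means "look at this one first".
    A leftover entry from a clean uninstall can score too (missing file).
    """
    findings = []
    for e in entries:
        p = e.path.lower()
        f = Finding(e.name, e.state, e.path)
        if any(marker in p for marker in TEMP_MARKERS):
            f.score += 3
            f.reasons.append("image lives in a temp directory")
        elif not in_trusted_root(p):
            f.score += 2
            f.reasons.append("image outside \\windows and \\program files")
        if e.stamp == "?":
            f.score += 1
            f.reasons.append("file not found on disk (orphaned service entry)")
        if e.display == e.name and not in_trusted_root(p):
            f.score += 1
            f.reasons.append("no descriptive display name")
        if f.score and e.state.startswith("R"):
            f.score += 1
            f.reasons.append("currently running")
        if f.score:
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


if __name__ == "__main__":
    for f in triage(parse_dds_drivers(SAMPLE_DDS_DRIVERS)):
        print(f"[{f.score}] {f.state} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

On the constructed sample the temp-directory entry comes out on top and the missing-file entry second; the McAfee, Ad-Aware and Linksys entries are not reported because they load from the expected trees with a file present. Paste a real DDS block into SAMPLE_DDS_DRIVERS (or read it from a file) to run it against a full log.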


#6 wojjo58 (Topic Starter; Members, 22 posts)

Posted 13 September 2010 - 10:05 PM

These are the logs from the DDS (attach)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/4/2006 9:10:00 AM
System Uptime: 9/13/2010 4:55:45 PM (6 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 17.78 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 466 GiB total, 415.973 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP990: 7/12/2010 5:01:34 PM - System Checkpoint
RP991: 7/13/2010 9:43:36 PM - System Checkpoint
RP992: 7/14/2010 10:05:17 PM - Software Distribution Service 3.0
RP993: 7/17/2010 12:31:41 PM - System Checkpoint
RP994: 7/18/2010 3:57:49 PM - System Checkpoint
RP995: 7/19/2010 9:01:55 PM - System Checkpoint
RP996: 7/26/2010 8:25:09 AM - System Checkpoint
RP997: 7/27/2010 9:41:41 PM - System Checkpoint
RP998: 7/30/2010 3:15:36 PM - System Checkpoint
RP999: 8/2/2010 11:30:09 AM - System Checkpoint
RP1000: 8/8/2010 9:49:34 PM - System Checkpoint
RP1001: 8/9/2010 10:28:41 PM - System Checkpoint
RP1002: 8/12/2010 8:17:52 PM - System Checkpoint
RP1003: 8/14/2010 10:29:03 AM - System Checkpoint
RP1004: 8/22/2010 6:37:41 PM - System Checkpoint
RP1005: 8/23/2010 7:19:25 PM - System Checkpoint
RP1006: 8/27/2010 7:33:46 PM - System Checkpoint
RP1007: 8/28/2010 9:58:00 AM - Installed Java™ 6 Update 21
RP1008: 8/28/2010 12:55:24 PM - Installed Windows XP Service Pack 3.
RP1009: 8/28/2010 1:06:19 PM - Installed Windows XP KB2229593.
RP1010: 8/28/2010 1:07:01 PM - Installed Windows XP KB923561.
RP1011: 8/28/2010 1:07:40 PM - Installed Windows XP KB938464-v2.
RP1012: 8/28/2010 1:08:38 PM - Installed Windows XP KB946648.
RP1013: 8/28/2010 1:09:26 PM - Installed Windows XP KB950762.
RP1014: 8/28/2010 1:10:09 PM - Installed Windows XP KB950974.
RP1015: 8/28/2010 1:11:01 PM - Installed Windows XP KB951066.
RP1016: 8/28/2010 1:11:47 PM - Installed Windows XP KB951376-v2.
RP1017: 8/28/2010 1:12:35 PM - Installed Windows XP KB951748.
RP1018: 8/28/2010 1:13:18 PM - Installed Windows XP KB952004.
RP1019: 8/28/2010 1:14:06 PM - Installed Windows XP KB952287.
RP1020: 8/28/2010 1:14:44 PM - Installed Windows XP KB952954.
RP1021: 8/28/2010 1:15:24 PM - Installed Windows XP KB954600.
RP1022: 8/28/2010 1:16:04 PM - Installed Windows XP KB974112.
RP1023: 8/28/2010 1:16:44 PM - Installed Windows XP KB955069.
RP1024: 8/28/2010 1:17:25 PM - Installed Windows XP KB973687.
RP1025: 8/28/2010 1:18:06 PM - Installed Windows XP KB955759.
RP1026: 8/28/2010 1:18:53 PM - Installed Windows XP KB956572.
RP1027: 8/28/2010 1:19:39 PM - Installed Windows XP KB956802.
RP1028: 8/28/2010 1:20:18 PM - Installed Windows XP KB956803.
RP1029: 8/28/2010 1:20:57 PM - Installed Windows XP KB956844.
RP1030: 8/28/2010 1:21:37 PM - Installed Windows XP KB957097.
RP1031: 8/28/2010 1:22:53 PM - Installed Windows XP KB958644.
RP1032: 8/28/2010 1:23:35 PM - Installed Windows XP KB958687.
RP1033: 8/28/2010 1:24:15 PM - Installed Windows XP KB958690.
RP1034: 8/28/2010 1:24:54 PM - Installed Windows XP KB959426.
RP1035: 8/28/2010 1:25:33 PM - Installed Windows XP KB960225.
RP1036: 8/28/2010 1:26:12 PM - Installed Windows XP KB960803.
RP1037: 8/28/2010 1:26:55 PM - Installed Windows XP KB960859.
RP1038: 8/28/2010 1:27:36 PM - Installed Windows XP KB961118.
RP1039: 8/28/2010 1:28:24 PM - Installed Windows XP KB961371.
RP1040: 8/28/2010 1:29:05 PM - Installed Windows XP KB961373.
RP1041: 8/28/2010 1:29:43 PM - Installed Windows XP KB961501.
RP1042: 8/28/2010 1:30:26 PM - Installed Windows XP KB967715.
RP1043: 8/28/2010 1:31:06 PM - Installed Windows XP KB968389.
RP1044: 8/28/2010 1:31:47 PM - Installed Windows XP KB968537.
RP1045: 8/28/2010 1:32:27 PM - Installed Windows XP KB969059.
RP1046: 8/28/2010 1:33:11 PM - Installed Windows XP KB969947.
RP1047: 8/28/2010 1:33:52 PM - Installed Windows XP KB970238.
RP1048: 8/28/2010 1:34:31 PM - Installed Windows XP KB970430.
RP1049: 8/28/2010 1:35:09 PM - Installed Windows XP KB971468.
RP1050: 8/28/2010 1:36:05 PM - Installed Windows XP KB971486.
RP1051: 8/28/2010 1:36:45 PM - Installed Windows XP KB971557.
RP1052: 8/28/2010 1:37:27 PM - Installed Windows XP KB971633.
RP1053: 8/28/2010 1:38:20 PM - Installed Windows XP KB971657.
RP1054: 8/28/2010 1:39:14 PM - Installed Windows XP KB971737.
RP1055: 8/28/2010 1:40:08 PM - Installed Windows XP KB972270.
RP1056: 8/28/2010 1:40:59 PM - Installed Windows XP KB973354.
RP1057: 8/28/2010 1:41:42 PM - Installed Windows XP KB973507.
RP1058: 8/28/2010 1:42:28 PM - Installed Windows XP KB973687.
RP1059: 8/28/2010 1:43:06 PM - Installed Windows XP KB973815.
RP1060: 8/28/2010 1:43:46 PM - Installed Windows XP KB973869.
RP1061: 8/28/2010 1:44:25 PM - Installed Windows XP KB974112.
RP1062: 8/28/2010 1:45:03 PM - Installed Windows XP KB974318.
RP1063: 8/28/2010 1:45:41 PM - Installed Windows XP KB974392.
RP1064: 8/28/2010 1:46:24 PM - Installed Windows XP KB974571.
RP1065: 8/28/2010 1:47:05 PM - Installed Windows XP KB975025.
RP1066: 8/28/2010 1:47:44 PM - Installed Windows XP KB975467.
RP1067: 8/28/2010 1:48:25 PM - Installed Windows XP KB975560.
RP1068: 8/28/2010 1:49:09 PM - Installed Windows XP KB975561.
RP1069: 8/28/2010 1:49:50 PM - Installed Windows XP KB975562.
RP1070: 8/28/2010 1:50:37 PM - Installed Windows XP KB977165.
RP1071: 8/28/2010 1:51:20 PM - Installed Windows XP KB977914.
RP1072: 8/28/2010 1:52:00 PM - Installed Windows XP KB978037.
RP1073: 8/28/2010 1:52:41 PM - Installed Windows XP KB978251.
RP1074: 8/28/2010 1:53:23 PM - Installed Windows XP KB978338.
RP1075: 8/28/2010 1:54:06 PM - Installed Windows XP KB978542.
RP1076: 8/28/2010 1:55:30 PM - Installed Windows XP KB978601.
RP1077: 8/28/2010 1:56:09 PM - Installed Windows XP KB978706.
RP1078: 8/28/2010 1:56:48 PM - Installed Windows XP KB979309.
RP1079: 8/28/2010 1:57:27 PM - Installed Windows XP KB979482.
RP1080: 8/28/2010 1:58:34 PM - Installed Windows XP KB979559.
RP1081: 8/28/2010 1:59:26 PM - Installed Windows XP KB979683.
RP1082: 8/28/2010 2:00:11 PM - Installed Windows XP KB980218.
RP1083: 8/28/2010 2:00:50 PM - Installed Windows XP KB980232.
RP1084: 8/31/2010 11:05:51 PM - System Checkpoint
RP1085: 9/2/2010 5:29:28 PM - System Checkpoint
RP1086: 9/3/2010 10:37:15 PM - System Checkpoint
RP1087: 9/5/2010 11:40:49 AM - System Checkpoint
RP1088: 9/7/2010 8:16:11 PM - System Checkpoint
RP1089: 9/9/2010 9:12:37 PM - System Checkpoint
RP1090: 9/11/2010 9:20:20 AM - System Checkpoint

==== Installed Programs ======================


3DMark06
737-700 Southwest Airlines Liveries Package v2.2
924PLC32
Abacus Flight Deck 4
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
AT&T Yahoo! Applications
ATI Display Driver
ATITool Overclocking Utility
Battlefield 2™
Bonjour
Cajon Pass Route - High Desert Rails Edition 1.6 Update
Call of Duty
Call of Duty - United Offensive
Call of Duty® 2
Call of Duty® 4 - Modern Warfare™
CCleaner
Class_50_Content_Update
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Crazy Taxi
Create and Print Plugin 3.6 (build 6013)
Crysis®
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Photo AIO Printer 924
Dell Resource CD
Dell System Restore
Delta Force - Black Hawk Down
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
Driver Detective
EarthLink setup files
EducateU
ELIcon
ESPNMotion
Falcon 4.0: Allied Force
FileAlyzer
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Indiana Jones and the Emperors Tomb
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
Jane's Attack Squadron
Java Auto Updater
Java™ 6 Update 21
JetFighter IV
Kicking Horse Pass (v. 2.0)
Learn2 Player (Uninstall Only)
Linksys Updater
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
Medal of Honor Allied Assault
Michigan Iron Ore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Train Simulator
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Modem Helper
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
NVIDIA Drivers
NVIDIA nTune
Orion's TheSky (Remove only)
PowerDirector
PowerProducer Express
Print Perfect DVD
PunkBuster Services
Quantum of Solace™
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
SD40-2_Content_Update
Seagate DiscWizard
Search Assist
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shenandoah Software
Ship Simulator 2008 Demo
Sky! Conductor
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Star Wars Battlefront
Star Wars JK II Jedi Outcast
Studio Content CD
SUPERAntiSpyware
TC
THE CAJON PASS ROUTE 1.5
Tiger Woods PGA TOUR 07
TRS2006
TurboTax 2008
TurboTax 2008 wiliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wiliper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
V1 Home 2.0
Ventrilo Client
VideoAdvantage USB
VideoAdvantage USB Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
World of Warcraft
Yahoo! Browser Services
Yahoo! Toolbar
Z Engine

==== Event Viewer Messages From Past Week ========

9/9/2010 8:25:17 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/9/2010 8:25:17 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/9/2010 8:25:14 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified.
9/11/2010 3:11:28 PM, error: Dhcp [1002] - The IP address lease 99.142.82.226 for the Network Card with network address 001372E04735 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/11/2010 2:21:58 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001372E04735 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/11/2010 2:15:22 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

==== End Of File ===========================


#7 wojjo58 (Topic Starter; Members, 22 posts)

Posted 13 September 2010 - 10:14 PM

This is the output of RKUnhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8B44000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6557696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6111232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 175.19 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB616F000 C:\WINDOWS\system32\drivers\sthda.sys 1069056 bytes (SigmaTel, Inc., NDRC)
0xB898E000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB88E7000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9E1F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB570E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9D92000 timntr.sys 393216 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xB880B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5862000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB3E32000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3FC9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8AB0000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB56DB000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xB8869000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB44BA000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAF90A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB577E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8B08000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB57ED000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB583B000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB88C1000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB5815000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB568F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB5D2B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8AE4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8A8D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB57CB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB57A9000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D76000 snapman.sys 114688 bytes (Acronis, Acronis Snapshot API)
0xB9D5C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB4A30000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9EAC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB88AA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB4A48000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB4A1A000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9EC3000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB4785000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8B30000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB58BB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB2767000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8899000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB567E000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA318000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4842000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9205000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA288000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\ATITool.sys 49152 bytes (-, Low-Level Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9185000 C:\WINDOWS\system32\DRIVERS\Alpham1.sys 45056 bytes (Ideazon Corporation, ZBoard Keyboards driver)
0xB91A5000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA298000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2E8000 C:\WINDOWS\system32\drivers\WmXlCore.sys 45056 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0xBA198000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA2F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB30F7000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9195000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA248000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB91D5000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB2A11000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB91C5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAF6AA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB91E5000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3B8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4A8000 C:\WINDOWS\nvoclock.sys 32768 bytes (NVidia Corp., NVidia System Utility Driver)
0xBA370000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)
0xBA448000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA380000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA460000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA420000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA488000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA458000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA3C0000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA480000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\Alpham2.sys 20480 bytes (Ideazon Corporation, MM ZBoard Keyboards driver)
0xBA470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA378000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB4012000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB56CF000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB5A46000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB95B9000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB9C9B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB4A12000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5A5A000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB58FE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB5A4E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9D0F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB327B000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB5A42000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9D03000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9D0B000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xB5A76000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9C97000 C:\WINDOWS\system32\drivers\WmBEnum.sys 12288 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver )
0xB5A5E000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5EC000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xBA668000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA608000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA644000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA666000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA66A000 C:\WINDOWS\system32\DRIVERS\memalloc.sys 8192 bytes (Pinnacle Systems GmbH, MemAlloc - Memory locking Driver.)
0xBA66C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA66E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA60A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA664000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7C9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6CE000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA728000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6FB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8AF15AEA ?_empty_? 1302 bytes
0x8AF15EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8B061368 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x8AF15AEA]
0x01170000 Hidden Image-->Utils.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 102400 bytes
0x05950000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x8A538020 ] PID: 2848, 1077248 bytes
0x058F0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x8A538020 ] PID: 2848, 126976 bytes
0x09A50000 Hidden Image-->System.EnterpriseServices.Wrapper.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 126976 bytes
0x03670000 Hidden Image-->System.XML.dll [ EPROCESS 0x8A538020 ] PID: 2848, 2060288 bytes
0xBA3E8000 WARNING: Virus alike driver modification [mouclass.sys], 24576 bytes
0x036E0000 Hidden Image-->logger.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 258048 bytes
0x04A40000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x8A538020 ] PID: 2848, 266240 bytes
0x04780000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x8A538020 ] PID: 2848, 270336 bytes
0x04620000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 270336 bytes
0x05D00000 Hidden Image-->log4net.dll [ EPROCESS 0x8A538020 ] PID: 2848, 282624 bytes
0x04410000 Hidden Image-->System.Data.dll [ EPROCESS 0x8A538020 ] PID: 2848, 2961408 bytes
0x041D0000 Hidden Image-->System.Data.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 2961408 bytes
0x04FE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A538020 ] PID: 2848, 307200 bytes
0x038A0000 Hidden Image-->System.dll [ EPROCESS 0x8A538020 ] PID: 2848, 3190784 bytes
0x06850000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x8A538020 ] PID: 2848, 421888 bytes
0x035F0000 Hidden Image-->System.configuration.dll [ EPROCESS 0x8A538020 ] PID: 2848, 438272 bytes
0x037C0000 Hidden Image-->AxInterop.WBOCXLib.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 45056 bytes
0x03A90000 Hidden Image-->Interop.WBOCXLib.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 45056 bytes
0x04180000 Hidden Image-->GuiTranslation.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 45056 bytes
0x0AFF0000 Hidden Image-->Interop.IZDeviceLib.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 45056 bytes
0x0B090000 Hidden Image-->UmodeEngine.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 45056 bytes
0x01380000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x8A538020 ] PID: 2848, 471040 bytes
0x048A0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x8A538020 ] PID: 2848, 479232 bytes
0x06350000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x8A538020 ] PID: 2848, 479232 bytes
0x05230000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x8A538020 ] PID: 2848, 5033984 bytes
0x012F0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x8A538020 ] PID: 2848, 53248 bytes
0x04050000 Hidden Image-->DeviceManager.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 53248 bytes
0x0B0B0000 Hidden Image-->AlphaUmodeEngine.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 53248 bytes
0x03780000 Hidden Image-->SystemLogic.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 61440 bytes
0x05790000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x8A538020 ] PID: 2848, 634880 bytes
0x03840000 Hidden Image-->Client.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 659456 bytes
0x03FA0000 Hidden Image-->GUIengine.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 675840 bytes
0x03590000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x8A538020 ] PID: 2848, 77824 bytes
0x04350000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x8A538020 ] PID: 2848, 778240 bytes
0x03DE0000 Hidden Image-->DBSEngine.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 798720 bytes
0x035D0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x8A538020 ] PID: 2848, 86016 bytes
0x03ED0000 Hidden Image-->SysTray.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 86016 bytes
0x061D0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x8A538020 ] PID: 2848, 872448 bytes


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 September 2010 - 10:46 PM

Greetings

One or more of the identified infections is known as a Backdoor Trojan - TDSS rootkit <-- please read

What this virus does do.
QUOTE
Functionality
The functionality that the Trojan exhibits implies that it has been designed with profit-making as its primary objective. Making money from the Web typically involves generating Web traffic, installing pay-per-install software and also by generating sales leads for other Web sites and services of a dubious nature. It tries to achieve its objective by employing an array of techniques to try and make the user participate in these income-generating activities.


What the virus can do.
QUOTE
Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer.


This "could" allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can clean this machine but I cannot guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
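
The RkU report posted above contains the two findings that matter most here: a hidden kernel driver, and a "suspicious driver modification" in atapi.sys whose hook address (0x8AF15AEA) is exactly the address of that hidden driver, plus a "virus alike" modification of mouclass.sys. Cross-referencing those by hand on a short excerpt is easy; on a full RkU dump it is tedious, so the script below does it. This is an added example written for this thread, not code from the thread and not RkUnhooker's own code: it parses the >Drivers and >Stealth sections into structured findings, matches each warning's hook address against the hidden-driver list, and groups the user-mode "Hidden Image" entries by PID so they can be reviewed per process. SAMPLE_REPORT is constructed from a few lines shaped like the ones in the post, and every function and field name is the example's own.

```python
"""Triage helper for RkUnhooker (RkU) text reports.

Added example, not RkUnhooker's own code. Function and field names are
this example's own; SAMPLE_REPORT is a constructed, cut-down report.
"""
import re
from collections import defaultdict

# Constructed sample: just the two sections this helper reads.
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
!!!!!!!!!!!Hidden driver: 0x8AF15AEA ?_empty_? 1302 bytes
0x8AF15EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8B061368 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x8AF15AEA]
0x01170000 Hidden Image-->Utils.dll [ EPROCESS 0x89B7E3B8 ] PID: 6044, 102400 bytes
0xBA3E8000 WARNING: Virus alike driver modification [mouclass.sys], 24576 bytes
0x04410000 Hidden Image-->System.Data.dll [ EPROCESS 0x8A538020 ] PID: 2848, 2961408 bytes
"""

_HEX = r"0x[0-9A-Fa-f]+"
_SECTION = re.compile(r"^>(\w+)")
_HIDDEN_DRIVER = re.compile(rf"^!+Hidden driver: ({_HEX}) (\S+) (\d+) bytes")
_WARNING = re.compile(rf"^({_HEX}) WARNING: (.+?) \[([^\]]+)\]")
_HIDDEN_IMAGE = re.compile(
    rf"^({_HEX}) Hidden Image-->(\S+) \[ EPROCESS ({_HEX}) \] PID: (\d+), (\d+) bytes")
_DRIVER = re.compile(rf"^({_HEX}) (.+?) (\d+) bytes(?: \((.*)\))?$")


def parse_rku(text):
    """Split an RkU report into the findings a responder wants to see."""
    report = {"drivers": [], "hidden_drivers": [], "unknown_handlers": [],
              "warnings": [], "hidden_images": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := _SECTION.match(line)):
            section = m.group(1)
        elif section == "Drivers":
            if (m := _HIDDEN_DRIVER.match(line)):
                report["hidden_drivers"].append(
                    {"address": int(m[1], 16), "name": m[2], "size": int(m[3])})
            elif (m := _DRIVER.match(line)):
                entry = {"base": int(m[1], 16), "image": m[2],
                         "size": int(m[3]), "vendor": m[4] or ""}
                # RkU's own "unknown_irp_handler" rows are not real modules;
                # keep them apart from the driver list.
                key = "unknown_handlers" if m[2] == "unknown_irp_handler" else "drivers"
                report[key].append(entry)
        elif section == "Stealth":
            if (m := _WARNING.match(line)):
                report["warnings"].append(
                    {"base": int(m[1], 16), "message": m[2], "target": m[3]})
            elif (m := _HIDDEN_IMAGE.match(line)):
                report["hidden_images"].append(
                    {"image": m[2], "eprocess": m[3], "pid": int(m[4]), "size": int(m[5])})
    return report


_RANK = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}


def triage(report):
    """Return (severity, description) pairs, most urgent first."""
    hidden = {h["address"]: h for h in report["hidden_drivers"]}
    out = []
    for w in report["warnings"]:
        # Targets look like "atapi.sys::0x8AF15AEA": the patched driver and,
        # optionally, the address the patch now jumps to.
        name, _, hook = w["target"].partition("::")
        text = f"{w['message']} in {name}"
        if hook:
            h = hidden.get(int(hook, 16))
            text += (f"; hook target {hook} lies inside a hidden driver ({h['size']} bytes)"
                     if h else f"; hook target {hook} is not in the hidden-driver list")
        out.append(("HIGH", text))
    for h in report["hidden_drivers"]:
        out.append(("HIGH", f"hidden kernel driver at 0x{h['address']:08X}, {h['size']} bytes"))
    for u in report["unknown_handlers"]:
        out.append(("MEDIUM", f"unattributed IRP handler at 0x{u['base']:08X}, {u['size']} bytes"))
    # User-mode "Hidden Image" rows are a much weaker signal on their own;
    # group them per process so each PID can be judged at once.
    by_pid = defaultdict(list)
    for img in report["hidden_images"]:
        by_pid[img["pid"]].append(img["image"])
    for pid, images in sorted(by_pid.items()):
        out.append(("INFO", f"PID {pid}: {len(images)} hidden image(s): {', '.join(sorted(images))}"))
    return sorted(out, key=lambda f: _RANK[f[0]])


if __name__ == "__main__":
    for severity, text in triage(parse_rku(SAMPLE_REPORT)):
        print(f"[{severity}] {text}")
```

Run against a saved RkU report with `parse_rku(open("rku.txt").read())`. On the sample, the first HIGH finding reads "suspicious driver modification in atapi.sys; hook target 0x8AF15AEA lies inside a hidden driver (1302 bytes)", and the second is the mouclass.sys modification, the same file ComboFix reports finding infected and disinfecting later in this thread; the .NET assemblies flagged as hidden images are listed per PID at INFO level rather than mixed in with the kernel findings.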

#9 wojjo58

wojjo58
  • Topic Starter

  • Members
  • 22 posts

Posted 14 September 2010 - 10:31 AM

Thanks for the quick turnaround....

I don't use this pc for anything major, (banking, etc) so I will proceed with the ComboFix later this evening. Is there a known percentage of PCs that were infected with the TDSS rootkit that could not be cleaned, or were re-infected even after appearing clean?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 September 2010 - 11:26 AM

Hello

QUOTE
Is there a known percentage of PCs that were infected with the TDSS rootkit that could not be cleaned, or were re-infected even after appearing clean?

The cleaning is not the problem; the virus I can remove. The problem is if the person that controlled this virus did get into the computer, he could in theory put in a back door that we could not find, and if he was able to find the computer again, be able to enter without us knowing.


Gringo

#11 wojjo58

wojjo58
  • Topic Starter

  • Members
  • 22 posts

Posted 14 September 2010 - 10:54 PM

Following is the ComboFix log. I followed the directions to disable the AT&T McAfee AV, and while all indications showed it to be disabled (the "M" in the system tray had an "X" through it), it appears that ComboFix showed it running. At the first attempted run, ComboFix said a rootkit was detected and needed to reboot. After the reboot, right at the beginning of the scan, McAfee blocked some executable from running. Important? Please advise.

Thank you for your efforts ! :-)

ComboFix 10-09-14.01 - WojoDad 09/14/2010 22:16:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2488 [GMT -5:00]
Running from: c:\documents and settings\WojoDad\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\UNWISE.EXE

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-14 03:50 . 2010-09-14 03:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-11 20:57 . 2010-09-11 20:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-09-04 04:06 . 2010-09-04 04:06 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-04 04:06 . 2010-09-04 04:06 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-04 04:06 . 2010-09-04 04:06 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 04:05 . 2010-09-04 04:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-04 04:04 . 2010-09-04 04:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-04 02:14 . 2010-09-04 02:14 -------- d-----w- c:\documents and settings\WojoDan\Application Data\Malwarebytes
2010-09-03 01:31 . 2010-09-03 01:31 63488 ----a-w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-03 01:31 . 2010-09-03 01:31 52224 ----a-w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-03 01:31 . 2010-09-03 01:31 117760 ----a-w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 01:29 . 2010-09-03 01:29 -------- d-----w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com
2010-09-03 01:29 . 2010-09-03 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-03 01:29 . 2010-09-03 01:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-02 00:58 . 2010-09-02 00:58 503808 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4259ed66-n\msvcp71.dll
2010-09-02 00:58 . 2010-09-02 00:58 499712 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4259ed66-n\jmc.dll
2010-09-02 00:58 . 2010-09-02 00:58 348160 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4259ed66-n\msvcr71.dll
2010-09-02 00:58 . 2010-09-02 00:58 61440 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64c45dde-n\decora-sse.dll
2010-09-02 00:58 . 2010-09-02 00:58 12800 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64c45dde-n\decora-d3d.dll
2010-08-29 15:06 . 2010-08-29 15:06 -------- d-----w- c:\program files\Safer Networking
2010-08-28 17:56 . 2008-04-14 10:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-08-28 14:59 . 2010-08-28 14:59 503808 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cb9eb21-n\msvcp71.dll
2010-08-28 14:59 . 2010-08-28 14:59 499712 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cb9eb21-n\jmc.dll
2010-08-28 14:59 . 2010-08-28 14:59 348160 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cb9eb21-n\msvcr71.dll
2010-08-28 14:58 . 2010-08-28 14:58 61440 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d275a82-n\decora-sse.dll
2010-08-28 14:58 . 2010-08-28 14:58 12800 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d275a82-n\decora-d3d.dll
2010-08-28 14:58 . 2010-08-28 14:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 14:46 . 2010-08-28 14:46 -------- d-----w- c:\program files\CCleaner
2010-08-26 00:50 . 2010-08-26 00:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-24 03:11 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-24 02:40 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-24 02:39 . 2010-08-24 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-24 02:39 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-24 02:39 . 2010-08-24 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-24 02:39 . 2010-08-24 02:39 -------- d-----w- c:\program files\Lavasoft
2010-08-23 23:52 . 2010-08-23 23:52 -------- d-sh--w- c:\documents and settings\WojoDan\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 01:41 . 2009-10-10 20:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-15 01:41 . 2006-09-08 00:32 -------- d-----w- c:\program files\Dl_cats
2010-09-09 01:18 . 2007-11-30 01:38 -------- d-----w- c:\program files\World of Warcraft
2010-08-31 01:32 . 2009-09-11 22:48 68632 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-31 00:47 . 2006-09-05 20:07 91352 ----a-w- c:\documents and settings\WojoDan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-28 19:15 . 2006-09-04 14:50 91352 ----a-w- c:\documents and settings\WojoDad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-28 18:03 . 2005-08-16 09:41 88983 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-28 14:58 . 2006-08-29 23:01 -------- d-----w- c:\program files\Java
2010-08-28 14:58 . 2006-08-29 23:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 17:39 . 2010-06-21 12:54 27630760 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-08-14 15:59 . 2006-08-29 23:15 -------- d-----w- c:\program files\BAE
2010-08-14 15:38 . 2010-08-14 15:38 -------- d-----w- c:\program files\Trend Micro
2010-08-14 13:49 . 2010-08-14 13:49 -------- d-----w- c:\documents and settings\WojoDad\Application Data\Malwarebytes
2010-08-14 13:49 . 2010-08-14 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 13:49 . 2010-08-14 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-29 01:39 . 2010-07-29 01:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\yahoo!
2010-07-26 00:14 . 2006-08-29 23:14 -------- d-----w- c:\program files\McAfee
2010-07-15 20:18 . 2009-04-19 23:16 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-02-19 01:11 . 2006-09-09 15:22 88 --sh--r- c:\windows\system32\5D90E197D6.sys
2010-02-19 01:11 . 2006-09-09 15:22 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-07 61440]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-9-15 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-29 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"i:\\CRYSIS\\Bin32\\Crysis.exe"=
"i:\\CRYSIS\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"i:\\Activision\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:40 PM 64288]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [2/8/2007 9:31 PM 5543]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/19/2009 6:18 PM 93320]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\DRIVERS\lstone2k.sys --> c:\windows\system32\DRIVERS\lstone2k.sys [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 idrmkl;idrmkl;\??\c:\docume~1\WojoDan\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\WojoDan\LOCALS~1\Temp\idrmkl.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [6/2/2007 10:15 AM 600617]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1709634460-3040889704-2949520400-1008Core.job
- c:\documents and settings\WojoDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 22:56]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1709634460-3040889704-2949520400-1008UA.job
- c:\documents and settings\WojoDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 22:56]

2009-04-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-19 17:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-19 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 22:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,2b,fc,4b,01,75,86,44,b4,59,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,2b,fc,4b,01,75,86,44,b4,59,be,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-09-14 22:44:06
ComboFix-quarantined-files.txt 2010-09-15 03:44

Pre-Run: 19,054,243,840 bytes free
Post-Run: 21,874,659,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - 4E2C57C2C20CB9E16001151311905DA9


#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 AM

Posted 15 September 2010 - 07:48 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Driver::
idrmkl


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
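The CFScript above uses ComboFix's Driver:: directive to unregister the idrmkl service, which the earlier log listed as S3 idrmkl;idrmkl;\??\c:\docume~1\WojoDan\LOCALS~1\Temp\idrmkl.sys [?]: a kernel driver registered from a user's Temp folder whose file ComboFix could no longer find. The Python script below is an added example, not part of this thread and not ComboFix's own code, that automates the same triage over the service lines of such a log: it parses the R/S entries, flags images under a \Temp\ path or printed with the [?] missing-file marker, drafts the Driver:: section for the high-severity hits, and checks a second log for the deletion markers (-------\Service_idrmkl) and the entry's disappearance. The severity labels ("temp-path", "file-missing", high/low) are this example's own choices; the sample lines are copied from the two logs posted in this thread.

```python
"""Triage the 'Drivers/Services' block of a ComboFix log (added example).

ComboFix prints each service as  <R|S><start> name;display;image [date size]
(R running / S stopped; start = SCM start type 0 boot, 1 system, 2 auto,
3 demand, 4 disabled). When the image file is not found it echoes the path
after "-->" and prints "[?]" instead of date and size.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample input: service lines and deletion markers copied from the ComboFix
# logs posted above (before and after the CFScript run).
BEFORE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:40 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\DRIVERS\lstone2k.sys --> c:\windows\system32\DRIVERS\lstone2k.sys [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\WojoDan\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\WojoDan\LOCALS~1\Temp\idrmkl.sys [?]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [6/2/2007 10:15 AM 600617]
"""
AFTER_LOG = r"""
-------\Legacy_IDRMKL
-------\Service_idrmkl

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:40 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\DRIVERS\lstone2k.sys --> c:\windows\system32\DRIVERS\lstone2k.sys [?]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [6/2/2007 10:15 AM 600617]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$")
DELETION_RE = re.compile(r"^-------\\(?:Service|Legacy)_(?P<name>\S+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # any ...\Temp\... component
NT_PREFIX_RE = re.compile(r"^\\\?\?\\")            # strip the \??\ object prefix


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    image: str
    is_driver: bool       # .sys image => kernel-mode code
    reasons: List[str]    # example's own labels: "temp-path", "file-missing"

    @property
    def severity(self) -> str:
        # Loading from a Temp directory is the strong signal; a missing file
        # on its own is usually a vendor leftover, so it only scores low.
        if "temp-path" in self.reasons:
            return "high"
        return "low" if self.reasons else "none"


def parse_services(log: str) -> Dict[str, ServiceEntry]:
    """Parse every R/S service line, keyed by lower-cased service name."""
    entries: Dict[str, ServiceEntry] = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        image = NT_PREFIX_RE.sub("", m.group("resolved") or m.group("image"))
        reasons = []
        if TEMP_RE.search(image):
            reasons.append("temp-path")
        if m.group("meta").strip() == "?":
            reasons.append("file-missing")
        entries[m.group("name").lower()] = ServiceEntry(
            state=m.group("state"), start=int(m.group("start")),
            name=m.group("name"), display=m.group("display"), image=image,
            is_driver=image.lower().endswith(".sys"), reasons=reasons)
    return entries


def flagged(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """Suspicious entries, high severity first."""
    return sorted((e for e in entries.values() if e.reasons),
                  key=lambda e: (e.severity != "high", e.name.lower()))


def parse_deletions(log: str) -> Set[str]:
    """Names ComboFix reports as removed under Drivers/Services."""
    names = set()
    for line in log.splitlines():
        m = DELETION_RE.match(line.strip())
        if m:
            names.add(m.group("name").lower())
    return names


def cfscript_for(entries: Dict[str, ServiceEntry]) -> str:
    """Draft a CFScript Driver:: section for the high-severity entries only
    (for a helper to review before use, never to run unattended)."""
    names = [e.name for e in flagged(entries) if e.severity == "high"]
    return "Driver::\n" + "".join(n + "\n" for n in names) if names else ""


def confirm_removed(before, after, after_log: str) -> Dict[str, bool]:
    """True per flagged entry only if it is gone from the later service list
    AND ComboFix logged its deletion; False means it is still registered."""
    deleted = parse_deletions(after_log)
    return {e.name: (e.name.lower() not in after and e.name.lower() in deleted)
            for e in flagged(before)}


if __name__ == "__main__":
    before, after = parse_services(BEFORE_LOG), parse_services(AFTER_LOG)
    for e in flagged(before):
        print(f"{e.severity:4} {e.state}{e.start} {e.name:8} {e.image}  ({', '.join(e.reasons)})")
    print(cfscript_for(before), end="")
    print(confirm_removed(before, after, AFTER_LOG))
```

A [?] marker by itself is weak evidence: lstone2k.sys here is a Pinnacle driver whose file is simply gone, which is why it scores low and stays out of the drafted Driver:: section, while idrmkl scores high on the Temp path and is the only name emitted. The after-log check then reports idrmkl as confirmed removed and LStone as still registered, which matches the second ComboFix log in this thread.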

#13 wojjo58
  • Topic Starter

  • Members
  • 22 posts
  • Local time:05:07 AM

Posted 15 September 2010 - 10:18 PM

Hello again,

I ran it per instructions and the log follows. The PC restarted itself somewhere near the time it was creating the log report. I have not had a redirect or popup after about 10 minutes of using IE8. I will test further tonight. Should I have to perform any of these tests logged in as any other user?

Thanks gringo........

ComboFix 10-09-14.01 - WojoDad 09/15/2010 21:44:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2385 [GMT -5:00]
Running from: c:\documents and settings\WojoDad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\WojoDad\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDRMKL
-------\Service_idrmkl


((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-14 03:50 . 2010-09-14 03:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-11 20:57 . 2010-09-11 20:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-09-04 04:05 . 2010-09-04 04:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-04 04:04 . 2010-09-04 04:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-04 02:14 . 2010-09-04 02:14 -------- d-----w- c:\documents and settings\WojoDan\Application Data\Malwarebytes
2010-09-03 01:29 . 2010-09-03 01:29 -------- d-----w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com
2010-09-03 01:29 . 2010-09-03 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-03 01:29 . 2010-09-15 04:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-29 15:06 . 2010-08-29 15:06 -------- d-----w- c:\program files\Safer Networking
2010-08-28 17:56 . 2008-04-14 10:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-08-28 14:58 . 2010-08-28 14:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 14:46 . 2010-08-28 14:46 -------- d-----w- c:\program files\CCleaner
2010-08-26 00:50 . 2010-08-26 00:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-24 03:11 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-24 02:40 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-24 02:39 . 2010-08-24 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-24 02:39 . 2010-08-24 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-24 02:39 . 2010-08-24 02:39 -------- d-----w- c:\program files\Lavasoft
2010-08-23 23:52 . 2010-08-23 23:52 -------- d-sh--w- c:\documents and settings\WojoDan\IECompatCache
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 12:21 . 2006-09-08 00:32 -------- d-----w- c:\program files\Dl_cats
2010-09-15 04:00 . 2007-11-30 01:38 -------- d-----w- c:\program files\World of Warcraft
2010-09-15 01:41 . 2009-10-10 20:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-04 04:06 . 2010-09-04 04:06 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-04 04:06 . 2010-09-04 04:06 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-04 04:06 . 2010-09-04 04:06 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 01:31 . 2010-09-03 01:31 63488 ----a-w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-03 01:31 . 2010-09-03 01:31 52224 ----a-w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-03 01:31 . 2010-09-03 01:31 117760 ----a-w- c:\documents and settings\WojoDad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-02 00:58 . 2010-09-02 00:58 503808 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4259ed66-n\msvcp71.dll
2010-09-02 00:58 . 2010-09-02 00:58 499712 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4259ed66-n\jmc.dll
2010-09-02 00:58 . 2010-09-02 00:58 348160 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4259ed66-n\msvcr71.dll
2010-09-02 00:58 . 2010-09-02 00:58 61440 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64c45dde-n\decora-sse.dll
2010-09-02 00:58 . 2010-09-02 00:58 12800 ----a-w- c:\documents and settings\WojoDan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64c45dde-n\decora-d3d.dll
2010-08-31 01:32 . 2009-09-11 22:48 68632 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-31 00:47 . 2006-09-05 20:07 91352 ----a-w- c:\documents and settings\WojoDan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-28 19:15 . 2006-09-04 14:50 91352 ----a-w- c:\documents and settings\WojoDad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-28 18:03 . 2005-08-16 09:41 88983 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-28 14:59 . 2010-08-28 14:59 503808 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cb9eb21-n\msvcp71.dll
2010-08-28 14:59 . 2010-08-28 14:59 499712 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cb9eb21-n\jmc.dll
2010-08-28 14:59 . 2010-08-28 14:59 348160 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cb9eb21-n\msvcr71.dll
2010-08-28 14:58 . 2006-08-29 23:01 -------- d-----w- c:\program files\Java
2010-08-28 14:58 . 2010-08-28 14:58 61440 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d275a82-n\decora-sse.dll
2010-08-28 14:58 . 2010-08-28 14:58 12800 ----a-w- c:\documents and settings\WojoDad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7d275a82-n\decora-d3d.dll
2010-08-28 14:58 . 2006-08-29 23:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 17:39 . 2010-06-21 12:54 27630760 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 15:59 . 2006-08-29 23:15 -------- d-----w- c:\program files\BAE
2010-08-14 15:38 . 2010-08-14 15:38 -------- d-----w- c:\program files\Trend Micro
2010-08-14 13:49 . 2010-08-14 13:49 -------- d-----w- c:\documents and settings\WojoDad\Application Data\Malwarebytes
2010-08-14 13:49 . 2010-08-14 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 13:49 . 2010-08-14 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-12 12:16 . 2010-08-24 02:39 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-07-29 01:39 . 2010-07-29 01:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\yahoo!
2010-07-26 00:14 . 2006-08-29 23:14 -------- d-----w- c:\program files\McAfee
2010-07-22 15:49 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-20 22:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 20:18 . 2009-04-19 23:16 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-08-16 09:18 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-08-16 09:18 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 17:45 . 2005-08-16 09:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-02-19 01:11 . 2006-09-09 15:22 88 --sh--r- c:\windows\system32\5D90E197D6.sys
2010-02-19 01:11 . 2006-09-09 15:22 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-15 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-07 61440]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-9-15 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-29 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"i:\\CRYSIS\\Bin32\\Crysis.exe"=
"i:\\CRYSIS\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"i:\\Activision\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:40 PM 64288]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [2/8/2007 9:31 PM 5543]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/19/2009 6:18 PM 93320]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\DRIVERS\lstone2k.sys --> c:\windows\system32\DRIVERS\lstone2k.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [6/2/2007 10:15 AM 600617]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1709634460-3040889704-2949520400-1008Core.job
- c:\documents and settings\WojoDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 22:56]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1709634460-3040889704-2949520400-1008UA.job
- c:\documents and settings\WojoDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 22:56]

2009-04-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-19 17:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-19 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 22:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,2b,fc,4b,01,75,86,44,b4,59,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,2b,fc,4b,01,75,86,44,b4,59,be,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(5984)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\java.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dlcccoms.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-15 22:11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 03:11
ComboFix2.txt 2010-09-15 03:44

Pre-Run: 21,023,649,792 bytes free
Post-Run: 20,924,579,840 bytes free

- - End Of File - - 1FC95466C18AB0C92FE751C188F9A1E7


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 AM

Posted 15 September 2010 - 10:33 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 7.0

    and click on remove

Update Adobe Reader
    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 wojjo58

wojjo58
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:05:07 AM

Posted 16 September 2010 - 07:20 PM

Following are the logs from MBAM and HijackThis

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4632

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/16/2010 6:35:20 PM
mbam-log-2010-09-16 (18-35-20).txt

Scan type: Quick scan
Objects scanned: 173531
Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




******************************************************************************


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:19 PM, on 9/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12990 bytes
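A HijackThis log like the one posted above is plain text with one entry per line, prefixed by a section code (R0, R1, O2, O4, O20, O23, ...). Reading it by hand is what the helper does in this thread; the following Python is an added example, not part of the thread and not code from Trend Micro or HijackThis, that parses that line format and pulls out the entry types a responder usually looks at first: services whose binary is missing from disk, startup shortcuts with an unresolved target, Run entries that load a DLL through rundll32, Winlogon Notify DLLs, and browser URL settings that lack a scheme. The sample log is constructed from the shape of the entries on this page (paths abbreviated, not a full log), and the triage rules are the example's own heuristics, not HijackThis's rules. Being flagged only means "look at this": the rundll32 entry here, for instance, carries the same dlcc prefix as the Dell printer components listed elsewhere in the log.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 line format, modelled on the log posted
# in this thread (a handful of representative lines, not the whole file).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into entry records.

    Header lines and the 'Running processes' path list do not have the
    'Oxx - ' shape and are skipped on purpose.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"),
                            "line": line})
    return entries


def section_counts(entries):
    """How many entries of each section code the log contains."""
    return Counter(e["section"] for e in entries)


def review_items(entries):
    """Return (reason, line) pairs worth a closer look.

    These are the example's own triage heuristics; a hit is a prompt to
    verify the entry against the installed software, not a verdict.
    """
    flagged = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O23" and body.endswith("(file missing)"):
            # Service registration whose binary is gone: leftover or tampering.
            flagged.append(("orphaned service: binary missing on disk", e["line"]))
        elif sec == "O4" and body.endswith("= ?"):
            # Startup-folder shortcut whose target HijackThis could not resolve.
            flagged.append(("startup shortcut with unresolved target", e["line"]))
        elif sec == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.I):
            # Autorun that executes an exported function of an arbitrary DLL.
            flagged.append(("autorun via rundll32 loading a DLL export", e["line"]))
        elif sec == "O20":
            # Winlogon Notify DLLs load into winlogon.exe, a SYSTEM process.
            flagged.append(("Winlogon Notify DLL loads into winlogon.exe", e["line"]))
        elif sec in ("R0", "R1"):
            # Browser start/search settings: a value without a scheme is unusual.
            url = body.split(" = ", 1)[1] if " = " in body else ""
            if url and not url.lower().startswith(("http://", "https://", "about:")):
                flagged.append(("browser URL setting without a scheme", e["line"]))
    return flagged


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(entries)))
    for reason, line in review_items(entries):
        print(f"[{reason}]\n    {line}")
```

Run against the constructed sample, the parser skips the header and process list and keeps nine entries; five of them are flagged (the scheme-less R1 search URL, the rundll32 Run entry, the unresolved startup shortcut, the Winlogon Notify DLL, and the LiveUpdate service marked file missing), while normal entries such as the McShield service and the SiteAdvisor BHO are not. Feeding the full log from the post to `parse_hjt` works the same way, since the format is identical.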




