
Need help with Virus or Malware removal.


  • This topic is locked
2 replies to this topic

#1 Bill T.

Posted 30 June 2011 - 09:19 AM

Internet Explorer is refusing my passwords. McAfee is not working properly. Below are the logs for DDS and GMER, attached is the Attach.txt file...

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Bill at 12:31:54 on 2011-06-29
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1430 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vVX3000.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Windows\system32\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\RocketFish\RF5.1\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110628214123.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\bill\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [VolPanel] "c:\program files\rocketfish\rf5.1\volume panel\VolPanlu.exe" /r
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Web-Based Email Tools - hxxp://email01.secureserver.net/Download.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ipswitch.webex.com/client/T25L/support/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5736/mcfscan.cab
TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{F6A9798B-A101-40E6-B3E8-E39D210446F5} : DhcpNameServer = 68.87.74.166 68.87.68.166
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: PCANotify - PCANotify.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bill\appdata\roaming\mozilla\firefox\profiles\zslc9g7h.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bill\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\bill\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\bill\appdata\roaming\move networks\plugins\npqmp071706000001.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-3-18 64648]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2008-7-21 20376]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-10 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-16 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-9 88176]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-28 214904]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2008-6-27 57216]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2008-6-27 366976]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2008-6-27 165120]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2006-12-16 5504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-16 22712]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2007-4-10 2385896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-28 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-28 214904]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-4-3 79360]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-17 40552]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2070-11-28 22:02:20 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-06-29 15:18:34 388096 ----a-r- c:\users\bill\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-29 15:18:34 -------- d-----w- c:\program files\Trend Micro
2011-06-29 13:03:45 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 12:58:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-29 12:58:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-29 01:41:23 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-06-28 13:07:56 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ba9cd32-775a-433f-a06d-8415644cf4ec}\mpengine.dll
2011-06-23 11:59:33 -------- d-----w- c:\users\bill\appdata\local\{1B304B5C-4785-42EC-88E4-2BCF613EEA80}
2011-06-22 02:30:03 -------- d-----w- c:\users\bill\appdata\local\{A0240067-4E5F-43CB-A659-812FC3744C21}
2011-06-22 01:47:21 -------- d-----w- c:\users\bill\appdata\local\{0202860C-A002-473B-85D8-3C6EC62823B7}
2011-06-21 12:28:02 -------- d-----w- c:\users\bill\appdata\local\{0FBA2217-61AE-4EE7-946E-2321C321E9AC}
2011-06-20 12:34:29 -------- d-----w- c:\users\bill\appdata\local\{97B5C50A-90B5-4CBC-9932-519E26729AF2}
2011-06-19 12:24:29 -------- d-----w- c:\users\bill\appdata\local\{09205FDC-F32D-467F-B635-766C7CECCD51}
2011-06-17 12:21:06 -------- d-----w- c:\users\bill\appdata\local\{EEC076A5-159A-4938-ABDC-983552F22286}
2011-06-16 14:16:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-16 12:22:43 -------- d-----w- c:\users\bill\appdata\local\{A4F62CAA-C4F1-45F1-9161-9E92C3F96831}
2011-06-15 12:42:01 -------- d-----w- c:\users\bill\appdata\local\{DCC305C7-A46F-4248-9B1B-3C09C0F06FFF}
2011-06-14 12:13:29 -------- d-----w- c:\users\bill\appdata\local\{8EB96FCD-5375-4C82-87EA-6A2FC7A5C699}
2011-06-13 12:08:30 -------- d-----w- c:\users\bill\appdata\local\{CE472E24-1167-49E6-B2FC-93699E33D992}
2011-06-10 12:39:10 -------- d-----w- c:\users\bill\appdata\local\{8067AB05-391B-4817-8DB0-E960B090C780}
2011-06-09 12:33:14 -------- d-----w- c:\users\bill\appdata\local\{664E0B9B-BD04-452A-962A-5FDACFC3DCA2}
2011-06-07 12:45:14 -------- d-----w- c:\users\bill\appdata\local\{AFCF30AC-0408-4DB4-969A-8BCCF2D0574A}
2011-06-04 12:55:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-04 12:54:48 -------- d-----w- c:\users\bill\appdata\local\{7F41EB02-FF74-4C9F-8673-FA4A9FD87F50}
2011-06-02 11:19:58 -------- d-----w- c:\users\bill\appdata\local\{FB250E65-93EE-45DC-B55C-B9F3FB1F36C3}
2011-06-01 11:02:43 -------- d-----w- c:\users\bill\appdata\local\{E75D70D3-A135-43EF-B7D2-D439C0BC07FC}
2011-05-31 12:18:03 -------- d-----w- c:\users\bill\appdata\local\{148CD02B-0309-4568-BD7B-053DBB8070F3}
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-14 14:59:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-03 17:04:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-03 17:04:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
.
============= FINISH: 12:33:38.82 ===============

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-29 19:04:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.V5CO
Running: gmer.exe; Driver: C:\Users\Bill\AppData\Local\Temp\kxldipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FA04320, 0x3DE447, 0xE8000020]
? C:\Users\Bill\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] ntdll.dll!LdrLoadDll 775093A8 5 Bytes JMP 00241410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtCreateFile + 6 7754422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtCreateFile + B 7754422F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtMapViewOfSection + 6 7754497A 1 Byte [28]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtMapViewOfSection + 6 7754497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtMapViewOfSection + B 7754497F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenFile + 6 77544A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenFile + B 77544A0F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenProcess + 6 77544A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenProcess + B 77544A8F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenProcessToken + B 77544A9F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenProcessTokenEx + 6 77544AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenProcessTokenEx + B 77544AAF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenThread + 6 77544AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenThread + B 77544AFF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenThreadToken + 6 77544B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenThreadToken + B 77544B0F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtOpenThreadTokenEx + B 77544B1F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtQueryAttributesFile + 6 77544BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtQueryAttributesFile + B 77544BAF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtQueryFullAttributesFile + B 77544C5F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtSetInformationFile + 6 7754513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtSetInformationFile + B 7754513F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtSetInformationThread + 6 7754518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtSetInformationThread + B 7754518F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtUnmapViewOfSection + 6 7754542A 1 Byte [68]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtUnmapViewOfSection + 6 7754542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[1940] ntdll.dll!NtUnmapViewOfSection + B 7754542F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtCreateFile + 6 7754422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtCreateFile + B 7754422F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtMapViewOfSection + 6 7754497A 1 Byte [28]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtMapViewOfSection + 6 7754497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtMapViewOfSection + B 7754497F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenFile + 6 77544A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenFile + B 77544A0F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenProcess + 6 77544A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenProcess + B 77544A8F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenProcessToken + B 77544A9F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenProcessTokenEx + 6 77544AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenProcessTokenEx + B 77544AAF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenThread + 6 77544AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenThread + B 77544AFF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenThreadToken + 6 77544B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenThreadToken + B 77544B0F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtOpenThreadTokenEx + B 77544B1F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtQueryAttributesFile + 6 77544BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtQueryAttributesFile + B 77544BAF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtQueryFullAttributesFile + B 77544C5F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtSetInformationFile + 6 7754513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtSetInformationFile + B 7754513F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtSetInformationThread + 6 7754518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtSetInformationThread + B 7754518F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtUnmapViewOfSection + 6 7754542A 1 Byte [68]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtUnmapViewOfSection + 6 7754542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[2832] ntdll.dll!NtUnmapViewOfSection + B 7754542F 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!CreateDialogParamW 76BE72A2 5 Bytes JMP 70A0DE90 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!GetAsyncKeyState 76BE863C 5 Bytes JMP 70928EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!SetWindowsHookExW 76BE87AD 5 Bytes JMP 70A09A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!CallNextHookEx 76BE8E3B 5 Bytes JMP 709FD0CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!UnhookWindowsHookEx 76BE98DB 5 Bytes JMP 7097466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!EnableWindow 76BECD8B 5 Bytes JMP 70A0DD1D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!CreateWindowExW 76BF1305 5 Bytes JMP 70A0DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!GetKeyState 76BF8CB1 5 Bytes JMP 70A0D2CB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!IsDialogMessageW 76C00745 5 Bytes JMP 709359D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!CreateDialogParamA 76C017AA 5 Bytes JMP 70B05F95 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!IsDialogMessage 76C01847 5 Bytes JMP 70B05831 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!CreateDialogIndirectParamA 76C026F1 5 Bytes JMP 70B05FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!CreateDialogIndirectParamW 76C09A62 5 Bytes JMP 70B06003 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!SetKeyboardState 76C10987 5 Bytes JMP 70B05BA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!DialogBoxParamW 76C110B0 5 Bytes JMP 709354C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!DialogBoxIndirectParamW 76C12EF5 5 Bytes JMP 70B05329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!SendInput 76C12F75 5 Bytes JMP 70B0675F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!EndDialog 76C1326E 5 Bytes JMP 70937E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!SetCursorPos 76C26FB2 5 Bytes JMP 70B067B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!DialogBoxParamA 76C28152 5 Bytes JMP 70B052C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!DialogBoxIndirectParamA 76C2847D 5 Bytes JMP 70B0538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!MessageBoxIndirectA 76C3D4D9 5 Bytes JMP 70B0525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!MessageBoxIndirectW 76C3D5D3 5 Bytes JMP 70B051F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!MessageBoxExA 76C3D639 5 Bytes JMP 70B0518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!MessageBoxExW 76C3D65D 5 Bytes JMP 70B0512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] USER32.dll!keybd_event 76C3D972 5 Bytes JMP 70B06AE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] SHELL32.dll!SHRestricted + D95 75D489A8 4 Bytes [4D, 30, C7, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] SHELL32.dll!SHRestricted + D9D 75D489B0 8 Bytes [57, 2F, C7, 66, 9C, 5B, C6, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ole32.dll!OleLoadFromStream 76A91E80 5 Bytes JMP 70B05691 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ole32.dll!CoCreateInstance 76AC9F3E 5 Bytes JMP 70A0DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] WININET.dll!InternetReadFile 771E654B 5 Bytes JMP 02342D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] WININET.dll!InternetCloseHandle 771E9088 5 Bytes JMP 02342C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] WININET.dll!HttpOpenRequestA 771ED508 5 Bytes JMP 02342EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] WININET.dll!InternetConnectA 771EDEAE 5 Bytes JMP 02342FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ws2_32.dll!closesocket 76C8330C 5 Bytes JMP 652E41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ws2_32.dll!recv 76C8343A 5 Bytes JMP 652E4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ws2_32.dll!socket 76C836D1 5 Bytes JMP 652E354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ws2_32.dll!connect 76C840D9 5 Bytes JMP 652E35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ws2_32.dll!getaddrinfo 76C8418A 5 Bytes JMP 652E3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3436] ws2_32.dll!send 76C8659B 5 Bytes JMP 652E3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4304] USER32.dll!SetWindowLongA 76BEE7CD 5 Bytes JMP 61F2EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4304] USER32.dll!SetWindowLongW 76BF13B4 5 Bytes JMP 61F2ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4304] USER32.dll!GetWindowInfo 76BF428E 5 Bytes JMP 61D45451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4304] USER32.dll!TrackPopupMenu 76C014F3 5 Bytes JMP 61D45A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtCreateFile + 6 7754422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtCreateFile + B 7754422F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtMapViewOfSection + 6 7754497A 1 Byte [28]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtMapViewOfSection + 6 7754497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtMapViewOfSection + B 7754497F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenFile + 6 77544A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenFile + B 77544A0F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcess + 6 77544A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcess + B 77544A8F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessToken + B 77544A9F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessTokenEx + 6 77544AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessTokenEx + B 77544AAF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThread + 6 77544AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThread + B 77544AFF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadToken + 6 77544B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadToken + B 77544B0F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadTokenEx + B 77544B1F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryAttributesFile + 6 77544BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryAttributesFile + B 77544BAF 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryFullAttributesFile + B 77544C5F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationFile + 6 7754513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationFile + B 7754513F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationThread + 6 7754518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationThread + B 7754518F 1 Byte [E2]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtUnmapViewOfSection + 6 7754542A 1 Byte [68]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtUnmapViewOfSection + 6 7754542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Bill\AppData\Local\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtUnmapViewOfSection + B 7754542F 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateDialogParamW 76BE72A2 5 Bytes JMP 70A0DE90 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!GetAsyncKeyState 76BE863C 5 Bytes JMP 70928EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!SetWindowsHookExW 76BE87AD 5 Bytes JMP 70A09A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CallNextHookEx 76BE8E3B 5 Bytes JMP 709FD0CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!UnhookWindowsHookEx 76BE98DB 5 Bytes JMP 7097466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!EnableWindow 76BECD8B 5 Bytes JMP 70A0DD1D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateWindowExW 76BF1305 5 Bytes JMP 70A0DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!GetKeyState 76BF8CB1 5 Bytes JMP 70A0D2CB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!IsDialogMessageW 76C00745 5 Bytes JMP 709359D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateDialogParamA 76C017AA 5 Bytes JMP 70B05F95 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!IsDialogMessage 76C01847 5 Bytes JMP 70B05831 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateDialogIndirectParamA 76C026F1 5 Bytes JMP 70B05FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateDialogIndirectParamW 76C09A62 5 Bytes JMP 70B06003 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!SetKeyboardState 76C10987 5 Bytes JMP 70B05BA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxParamW 76C110B0 5 Bytes JMP 709354C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxIndirectParamW 76C12EF5 5 Bytes JMP 70B05329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!SendInput 76C12F75 5 Bytes JMP 70B0675F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!EndDialog 76C1326E 5 Bytes JMP 70937E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!SetCursorPos 76C26FB2 5 Bytes JMP 70B067B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxParamA 76C28152 5 Bytes JMP 70B052C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxIndirectParamA 76C2847D 5 Bytes JMP 70B0538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxIndirectA 76C3D4D9 5 Bytes JMP 70B0525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxIndirectW 76C3D5D3 5 Bytes JMP 70B051F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxExA 76C3D639 5 Bytes JMP 70B0518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxExW 76C3D65D 5 Bytes JMP 70B0512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!keybd_event 76C3D972 5 Bytes JMP 70B06AE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] SHELL32.dll!SHRestricted + D95 75D489A8 4 Bytes [4D, 30, C7, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] SHELL32.dll!SHRestricted + D9D 75D489B0 8 Bytes [57, 2F, C7, 66, 9C, 5B, C6, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ole32.dll!OleLoadFromStream 76A91E80 5 Bytes JMP 70B05691 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ole32.dll!CoCreateInstance 76AC9F3E 5 Bytes JMP 70A0DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] WININET.dll!InternetReadFile 771E654B 5 Bytes JMP 02282D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] WININET.dll!InternetCloseHandle 771E9088 5 Bytes JMP 02282C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] WININET.dll!HttpOpenRequestA 771ED508 5 Bytes JMP 02282EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] WININET.dll!InternetConnectA 771EDEAE 5 Bytes JMP 02282FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ws2_32.dll!closesocket 76C8330C 5 Bytes JMP 652E41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ws2_32.dll!recv 76C8343A 5 Bytes JMP 652E4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ws2_32.dll!socket 76C836D1 5 Bytes JMP 652E354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ws2_32.dll!connect 76C840D9 5 Bytes JMP 652E35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ws2_32.dll!getaddrinfo 76C8418A 5 Bytes JMP 652E3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ws2_32.dll!send 76C8659B 5 Bytes JMP 652E3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateDialogParamW 76BE72A2 5 Bytes JMP 70A0DE90 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!GetAsyncKeyState 76BE863C 5 Bytes JMP 70928EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!SetWindowsHookExW 76BE87AD 5 Bytes JMP 70A09A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CallNextHookEx 76BE8E3B 5 Bytes JMP 709FD0CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!UnhookWindowsHookEx 76BE98DB 5 Bytes JMP 7097466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!EnableWindow 76BECD8B 5 Bytes JMP 70A0DD1D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateWindowExW 76BF1305 5 Bytes JMP 70A0DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!GetKeyState 76BF8CB1 5 Bytes JMP 70A0D2CB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!IsDialogMessageW 76C00745 5 Bytes JMP 709359D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateDialogParamA 76C017AA 5 Bytes JMP 70B05F95 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!IsDialogMessage 76C01847 5 Bytes JMP 70B05831 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateDialogIndirectParamA 76C026F1 5 Bytes JMP 70B05FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateDialogIndirectParamW 76C09A62 5 Bytes JMP 70B06003 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!SetKeyboardState 76C10987 5 Bytes JMP 70B05BA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DialogBoxParamW 76C110B0 5 Bytes JMP 709354C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DialogBoxIndirectParamW 76C12EF5 5 Bytes JMP 70B05329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!SendInput 76C12F75 5 Bytes JMP 70B0675F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!EndDialog 76C1326E 5 Bytes JMP 70937E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!SetCursorPos 76C26FB2 5 Bytes JMP 70B067B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DialogBoxParamA 76C28152 5 Bytes JMP 70B052C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DialogBoxIndirectParamA 76C2847D 5 Bytes JMP 70B0538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!MessageBoxIndirectA 76C3D4D9 5 Bytes JMP 70B0525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!MessageBoxIndirectW 76C3D5D3 5 Bytes JMP 70B051F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!MessageBoxExA 76C3D639 5 Bytes JMP 70B0518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!MessageBoxExW 76C3D65D 5 Bytes JMP 70B0512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!keybd_event 76C3D972 5 Bytes JMP 70B06AE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] SHELL32.dll!SHRestricted + D95 75D489A8 4 Bytes [4D, 30, C7, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] SHELL32.dll!SHRestricted + D9D 75D489B0 8 Bytes [57, 2F, C7, 66, 9C, 5B, C6, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ole32.dll!OleLoadFromStream 76A91E80 5 Bytes JMP 70B05691 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ole32.dll!CoCreateInstance 76AC9F3E 5 Bytes JMP 70A0DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] WININET.dll!InternetReadFile 771E654B 5 Bytes JMP 02282D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] WININET.dll!InternetCloseHandle 771E9088 5 Bytes JMP 02282C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] WININET.dll!HttpOpenRequestA 771ED508 5 Bytes JMP 02282EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] WININET.dll!InternetConnectA 771EDEAE 5 Bytes JMP 02282FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!closesocket 76C8330C 5 Bytes JMP 652E41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!recv 76C8343A 5 Bytes JMP 652E4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!socket 76C836D1 5 Bytes JMP 652E354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!connect 76C840D9 5 Bytes JMP 652E35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!getaddrinfo 76C8418A 5 Bytes JMP 652E3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!send 76C8659B 5 Bytes JMP 652E3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!CreateWindowExW 76BF1305 5 Bytes JMP 70A0DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxParamW 76C110B0 5 Bytes JMP 709354C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxIndirectParamW 76C12EF5 5 Bytes JMP 70B05329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxParamA 76C28152 5 Bytes JMP 70B052C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxIndirectParamA 76C2847D 5 Bytes JMP 70B0538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxIndirectA 76C3D4D9 5 Bytes JMP 70B0525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxIndirectW 76C3D5D3 5 Bytes JMP 70B051F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxExA 76C3D639 5 Bytes JMP 70B0518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxExW 76C3D65D 5 Bytes JMP 70B0512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x5A 0x49 0x8E 0x39 ...

---- EOF - GMER 1.0.15 ----

#2 Elise


Posted 10 July 2011 - 03:16 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise


Posted 24 July 2011 - 05:01 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 
