windows xp fix


  • This topic is locked
23 replies to this topic

#1 ronniewho

Posted 11 July 2011 - 09:50 PM

Hello all,
I have Windows XP Fix on my computer. I followed the instructions on your spyware removal with no luck. I also tried to get help here but must have done something wrong because no one replied. Not the best with a computer, I know just enough to be dangerous, so I shall try again. I was able to run rkill and it appeared that it killed all the fake errors. I was able to download but not install Malwarebytes. I have an older copy that I can run but not update. I was also able to unhide using the unhide program from your site. Below are the logs from DDS and GMER; any help with this issue would be awesome.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Sue at 1:24:20 on 2011-07-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1343 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110614183138.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [qKUOTAGoSLV] c:\documents and settings\all users\application data\qKUOTAGoSLV.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251303995375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 156.154.119.11 156.154.129.11
TCP: Interfaces\{9E858D23-E9CB-4398-AD43-D57CF64DBD15} : DhcpNameServer = 156.154.119.11 156.154.129.11
TCP: Interfaces\{A863C25D-1206-4880-9D3A-CA9387B35140} : DhcpNameServer = 156.154.119.11 156.154.129.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\mstscax32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sue\application data\mozilla\firefox\profiles\ea3w4zdd.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1138.mail.yahoo.com/mc/welcome?.gx=1&.tm=1279368184&.rand=ats76nefrdc63
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-10 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-10 89368]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-26 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-9 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-10 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-10 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-10 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-10 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-10 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-10 148520]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-12-16 816672]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-10 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-26 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-10 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-10 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-10 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-10 83688]
S2 gupdate1ca42f4286be5f6;Google Update Service (gupdate1ca42f4286be5f6);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-10 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-10 85984]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-12-18 724736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-07-09 21:31:21 473088 ---ha-w- c:\documents and settings\all users\application data\qKUOTAGoSLV.exe
2011-06-26 18:27:53 39984 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 18:27:49 22712 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 18:27:48 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-06-26 04:22:13 2106216 ---ha-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-26 04:22:13 1998168 ---ha-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-25 18:31:39 -------- d--h--w- c:\windows\system32\wbem\repository\FS
2011-06-25 18:31:39 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-06-22 20:25:47 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 22:31:38 24376 ---ha-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-06-13 09:47:20 0 ---ha-w- c:\documents and settings\sue\vjpluqsxay.tmp
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2004-08-04 10:00:00 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
============= FINISH: 1:24:42.12 ===============



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-10 10:39:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.ADA
Running: gmer.exe; Driver: C:\DOCUME~1\Sue\LOCALS~1\Temp\pfacafod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EB8D70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EB8D84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EB8DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EB8E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EB8D5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EB8D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EB8D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EB8D9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EB8DDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EB8DC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EB8E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EB8E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EB8DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9EB8DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9EB8E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9EB8E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9EB8DE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9EB8D38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9EB8D4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9EB8E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B9EB8DCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9EB8D9E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B9EB8D74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9EB8D88 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9EB8DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9EB8D60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? aqndn.sys The system cannot find the file specified. !
? C:\DOCUME~1\Sue\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910040
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900075
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900064
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00900047
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900F8A
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FC0
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900F34
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900F4F
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900F08
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900F19
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009000C6
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900F9B
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900086
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0090002C
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900011
.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900097
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0080
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0065
.text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FC8
.text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0053
.text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE002E
.text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE000C
.text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FD9
.text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE001D
.text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00920011
.text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[508] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00920036
.text C:\WINDOWS\system32\svchost.exe[508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930FEF
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\services.exe[1372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E5001B
.text C:\WINDOWS\system32\services.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40F52
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40F63
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40F8A
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E4003D
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E4002C
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40062
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E40F1A
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E4008E
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E4007D
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E400A9
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40FA5
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40F41
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40FC0
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\services.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40EFF
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01120040
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01120FAF
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0112001B
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01120FE5
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0112006C
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01120000
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01120FD4
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [32, 89]
.text C:\WINDOWS\system32\services.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01120051
.text C:\WINDOWS\system32\services.exe[1372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0053
.text C:\WINDOWS\system32\services.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0038
.text C:\WINDOWS\system32\services.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\services.exe[1372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[1372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\services.exe[1372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\services.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\lsass.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[1384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\lsass.exe[1384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F52
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F6D
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F8A
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F2B
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0073
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0EF8
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F09
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0EDD
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0062
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F1A
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0051
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD00A5
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0040
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0025
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1D, 89]
.text C:\WINDOWS\system32\lsass.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD006C
.text C:\WINDOWS\system32\lsass.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD003B
.text C:\WINDOWS\system32\lsass.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FB0
.text C:\WINDOWS\system32\lsass.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FD2
.text C:\WINDOWS\system32\lsass.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text C:\Program Files\Messenger\msmsgs.exe[2088] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002E0000
.text C:\Program Files\Messenger\msmsgs.exe[2088] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002E001B
.text C:\Program Files\Messenger\msmsgs.exe[2088] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002E0036
.text C:\Program Files\Messenger\msmsgs.exe[2088] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 002E0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270089
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270078
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270067
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F52
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700A4
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F30
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F41
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700E4
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0027004A
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F79
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700BF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F75
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360032
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F90
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370033
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370011
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370022
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 009E0025
.text C:\Program Files\Internet Explorer\iexplore.exe[2648] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A30FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270071
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0027004A
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F4B
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270093
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F04
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F1F
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270082
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270014
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F3A
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F83
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F90
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370011
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01180FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01180000
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01180FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01180011
.text C:\Program Files\Internet Explorer\iexplore.exe[2784] ws2_32.dll!socket 71AB4211 5 Bytes JMP 022F0000
.text C:\WINDOWS\explorer.exe[3020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\explorer.exe[3020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090011
.text C:\WINDOWS\explorer.exe[3020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FDB
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B000A
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F5A
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F6B
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F7C
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F8D
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B008F
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F3D
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F2C
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00BB
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00E0
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B001B
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B006A
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\explorer.exe[3020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00A0
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A005B
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FDB
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A001B
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0000
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FAF
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\explorer.exe[3020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0036
.text C:\WINDOWS\explorer.exe[3020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B004E
.text C:\WINDOWS\explorer.exe[3020] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0033
.text C:\WINDOWS\explorer.exe[3020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0011
.text C:\WINDOWS\explorer.exe[3020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[3020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0022
.text C:\WINDOWS\explorer.exe[3020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0000
.text C:\WINDOWS\explorer.exe[3020] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002D0FE5
.text C:\WINDOWS\explorer.exe[3020] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[3020] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002D0FD4
.text C:\WINDOWS\explorer.exe[3020] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 002D0025
.text C:\WINDOWS\explorer.exe[3020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01700000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A62BBD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


I did not include the ARK log as requested in the header of the ARK log.

My hat is off to the people that have to look at this stuff, makes my eyes bleed! I don't know how you do it.

Thanks
Ronniewho.



#2 CatByte


  • Malware Response Team
  • 14,664 posts

Posted 13 July 2011 - 02:24 PM

Hi,

Please run the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ronniewho

  • Topic Starter

  • Members
  • 13 posts

Posted 13 July 2011 - 05:22 PM

Hi Catbyte,
Ran combo fix, here is the log. I was able to install and update a new version of malwarebytes and run it, does this mean that windows xp fix is gone? Thank you very much for taking the time to help me with this issue, you guys at bleeping computer are awesome!!


ComboFix 11-07-13.03 - Sue 07/13/2011 17:55:12.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1325 [GMT -4:00]
Running from: c:\documents and settings\Sue\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\20100209081407.log
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}
c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\chrome.manifest
c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\chrome\xulcache.jar
c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\defaults\preferences\xulcache.js
c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\install.rdf
c:\documents and settings\Sue\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-06-26 18:27 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 18:27 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 18:27 . 2011-07-13 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-26 04:22 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-26 04:22 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-25 18:31 . 2011-06-25 18:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-25 18:02 . 2011-06-25 18:13 -------- d-s---w- c:\documents and settings\Administrator.SUE-DA3FF583149
2011-06-25 01:50 . 2011-06-25 01:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-22 20:25 . 2011-06-22 20:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 22:31 . 2011-03-13 15:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 09:47 . 2011-06-13 09:47 0 ----a-w- c:\documents and settings\Sue\vjpluqsxay.tmp
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2009-08-26 15:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-05-11 01:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-09-10 12:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2004-08-04 10:00 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-02-05 00:42 194912 ----a-w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-10-08 127036]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-13 202256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-09-10 14:18 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/10/2010 8:57 AM 89368]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/26/2011 2:27 PM 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/9/2009 8:43 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/10/2010 8:57 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/10/2010 8:57 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [9/10/2010 8:58 AM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [9/10/2010 8:57 AM 148520]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [12/16/2010 6:39 PM 816672]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/10/2010 8:57 AM 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/26/2011 2:27 PM 22712]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/10/2010 8:57 AM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/10/2010 8:57 AM 83688]
S2 gupdate1ca42f4286be5f6;Google Update Service (gupdate1ca42f4286be5f6);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 8:06 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 8:06 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/10/2010 8:57 AM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/10/2010 8:57 AM 85984]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 16:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-07-13 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-09-10 17:37]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 00:06]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 00:06]
.
2011-07-13 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2011-06-26 13:11]
.
2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-573735546-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-573735546-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 156.154.119.11 156.154.129.11
FF - ProfilePath - c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1138.mail.yahoo.com/mc/welcome?.gx=1&.tm=1279368184&.rand=ats76nefrdc63
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 18:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1328)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-13 18:13:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-13 22:12
.
Pre-Run: 183,711,457,280 bytes free
Post-Run: 187,689,447,424 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7F5F2FBBEF5A11155E2E5FEF2FEA90B8

#4 CatByte

Posted 13 July 2011 - 06:27 PM

Hi

Please do the following:

Press the WinKey + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "c:\documents and settings\Sue\vjpluqsxay.tmp"



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ronniewho

Posted 14 July 2011 - 08:46 PM

Hi Catbyte,
As requested.
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\1\30502701-627beb10 multiple threats
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-41a8996f multiple threats
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\50\6bba7172-25993041 multiple threats
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-3335a9d6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Documents and Settings\Sue\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\dajoaomilhbopbdbgmohaddbkjiejfin\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP216\A0044688.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP217\A0044705.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP218\A0044717.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP218\A0044728.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP219\A0044779.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP221\A0046298.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP223\A0047415.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP250\A0094489.manifest Win32/TrojanDownloader.Tracur.F trojan


So is it clean? Seems to work o.k.

Ronniewho.

#6 CatByte

Posted 14 July 2011 - 09:00 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\1\30502701-627beb10 
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-41a8996f 
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\50\6bba7172-25993041 
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-3335a9d6 
C:\Documents and Settings\Sue\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\dajoaomilhbopbdbgmohaddbkjiejfin\contentscript.js 



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



Please post a fresh DDS and Attach.txt and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
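
The CFScript above lists only the detections that are still in place on disk; the ESET hits under C:\Qoobox\Quarantine (ComboFix's own quarantine) and under System Volume Information (System Restore snapshots) are left out. The following is an added example, not part of the original post and not code from ComboFix or ESET, that does the same triage on lines taken from the ESET export in this thread. The function names and the three location labels are assumptions made for the illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path detection location")

# Seven lines taken from the ESET export posted in this thread.
ESET_EXPORT = r"""
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\1\30502701-627beb10 multiple threats
C:\Documents and Settings\Sue\Application Data\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-3335a9d6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Documents and Settings\Sue\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\dajoaomilhbopbdbgmohaddbkjiejfin\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\ea3w4zdd.default\extensions\{2946178a-06cf-40b2-8041-a6ac5a9eccbe}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP216\A0044688.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP218\A0044717.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{977DE4E5-2A85-4365-968C-036F68B0E61B}\RP218\A0044728.manifest Win32/TrojanDownloader.Tracur.F trojan
"""

# A line is "<path> <detection>". Windows paths contain spaces but no forward
# slash, so the detection is anchored at the end of the line: either the
# literal "multiple threats" or a Platform/Family.Variant name, optionally
# prefixed with "a variant of" and followed by a category word.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats|(?:a variant of )?\S+/\S+(?: \w+)*)$"
)
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.I
)


def classify(path):
    """Label a detection by where the file sits (labels are this example's)."""
    if QUARANTINE_RE.match(path):
        return "quarantine"      # already moved aside by ComboFix
    if RESTORE_RE.search(path):
        return "restore_point"   # copy held inside a System Restore snapshot
    return "live"                # still in its original location


def parse_export(text):
    """Return (findings, skipped); lines that do not parse are kept, not dropped."""
    findings, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(line)
            continue
        path = m.group("path")
        findings.append(Finding(path, m.group("detection"), classify(path)))
    return findings, skipped


def build_cfscript(findings):
    """Build the File:: block from the live detections only, without duplicates."""
    seen, lines = set(), ["File::"]
    for f in findings:
        key = f.path.lower()     # Windows paths are case-insensitive
        if f.location == "live" and key not in seen:
            seen.add(key)
            lines.append(f.path)
    return "\n".join(lines)


def restore_points(findings):
    """List the restore points (RPnnn) that hold a detected copy, in order."""
    ids = set()
    for f in findings:
        m = RESTORE_RE.search(f.path)
        if m:
            ids.add(int(m.group(1)[2:]))
    return ["RP%d" % n for n in sorted(ids)]


if __name__ == "__main__":
    found, unparsed = parse_export(ESET_EXPORT)
    print(build_cfscript(found))
    print("Restore points holding copies:", ", ".join(restore_points(found)))
    print("Unparsed lines:", len(unparsed))
```

The restore point numbers it reports can be matched against the "System Restore Points" section of Attach.txt to see when the copies were captured.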


#7 ronniewho

Posted 15 July 2011 - 09:59 PM

Hello Catbyte,
As requested, computer seems to run o.k., faster than it ever was.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Sue at 22:41:28 on 2011-07-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1398 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110614183138.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251303995375
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 156.154.119.11 156.154.129.11
TCP: Interfaces\{9E858D23-E9CB-4398-AD43-D57CF64DBD15} : DhcpNameServer = 156.154.119.11 156.154.129.11
TCP: Interfaces\{A863C25D-1206-4880-9D3A-CA9387B35140} : DhcpNameServer = 156.154.119.11 156.154.129.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sue\application data\mozilla\firefox\profiles\ea3w4zdd.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1138.mail.yahoo.com/mc/welcome?.gx=1&.tm=1279368184&.rand=ats76nefrdc63
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-10 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-10 89368]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-26 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-9 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-10 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-10 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-10 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-10 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-10 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-10 148520]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-12-16 816672]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-10 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-26 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-10 179248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-10 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-10 83688]
S2 gupdate1ca42f4286be5f6;Google Update Service (gupdate1ca42f4286be5f6);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-10 59288]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-10 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-10 85984]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-12-18 724736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-07-14 21:15:49 -------- d-----w- c:\program files\ESET
2011-07-13 21:53:42 -------- d-sha-r- C:\cmdcons
2011-07-13 21:51:50 98816 ----a-w- c:\windows\sed.exe
2011-07-13 21:51:50 518144 ----a-w- c:\windows\SWREG.exe
2011-07-13 21:51:50 256000 ----a-w- c:\windows\PEV.exe
2011-07-13 21:51:50 208896 ----a-w- c:\windows\MBR.exe
2011-06-26 18:27:53 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 18:27:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 18:27:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-26 04:22:13 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-26 04:22:13 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-25 18:31:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-25 18:31:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-22 20:25:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2004-08-04 10:00:00 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
============= FINISH: 22:41:39.89 ===============




Attach log to follow after I learn to use WinZip

Thanks
Ronniewho

#8 CatByte

Posted 15 July 2011 - 10:02 PM

You can post it if you wish, or just right-click the file > send to compressed (zipped) folder

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ronniewho

Posted 15 July 2011 - 10:05 PM

Hi Catbyte,

As requested.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/7/2010 7:26:59 PM
System Uptime: 7/15/2011 10:06:32 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 173.979 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP189: 4/15/2011 10:08:48 PM - System Checkpoint
RP190: 4/15/2011 10:13:41 PM - Software Distribution Service 3.0
RP191: 4/17/2011 9:50:26 PM - System Checkpoint
RP192: 4/18/2011 9:53:18 PM - System Checkpoint
RP193: 4/20/2011 3:29:28 PM - System Checkpoint
RP194: 4/21/2011 1:40:19 AM - Software Distribution Service 3.0
RP195: 4/22/2011 11:03:34 PM - System Checkpoint
RP196: 4/26/2011 3:57:58 PM - System Checkpoint
RP197: 5/1/2011 3:00:14 AM - Software Distribution Service 3.0
RP198: 5/4/2011 4:01:06 PM - System Checkpoint
RP199: 5/6/2011 10:19:50 AM - System Checkpoint
RP200: 5/7/2011 11:04:21 PM - System Checkpoint
RP201: 5/10/2011 12:03:39 PM - System Checkpoint
RP202: 5/11/2011 1:56:48 PM - System Checkpoint
RP203: 5/11/2011 11:08:01 PM - Software Distribution Service 3.0
RP204: 5/15/2011 3:22:06 AM - System Checkpoint
RP205: 5/16/2011 10:19:16 PM - System Checkpoint
RP206: 5/21/2011 2:53:29 AM - System Checkpoint
RP207: 5/22/2011 5:45:12 AM - System Checkpoint
RP208: 5/23/2011 7:35:01 AM - System Checkpoint
RP209: 5/24/2011 8:16:19 PM - System Checkpoint
RP210: 5/26/2011 10:25:48 PM - System Checkpoint
RP211: 5/28/2011 2:10:04 PM - System Checkpoint
RP212: 6/4/2011 4:28:38 AM - System Checkpoint
RP213: 6/5/2011 1:48:00 PM - System Checkpoint
RP214: 6/7/2011 6:21:42 AM - System Checkpoint
RP215: 6/8/2011 6:53:36 AM - System Checkpoint
RP216: 6/9/2011 5:28:23 PM - System Checkpoint
RP217: 6/10/2011 6:01:11 PM - System Checkpoint
RP218: 6/11/2011 7:00:06 PM - System Checkpoint
RP219: 6/12/2011 7:52:51 PM - System Checkpoint
RP220: 6/13/2011 7:56:29 PM - System Checkpoint
RP221: 6/14/2011 8:16:35 PM - System Checkpoint
RP222: 6/15/2011 8:39:21 PM - System Checkpoint
RP223: 6/15/2011 11:04:50 PM - Software Distribution Service 3.0
RP224: 6/17/2011 5:54:11 PM - System Checkpoint
RP225: 6/19/2011 10:38:47 AM - System Checkpoint
RP226: 6/19/2011 10:42:39 PM - Software Distribution Service 3.0
RP227: 6/20/2011 10:50:09 PM - System Checkpoint
RP228: 6/22/2011 8:16:02 AM - System Checkpoint
RP229: 6/23/2011 6:43:23 PM - System Checkpoint
RP230: 6/24/2011 7:06:06 PM - System Checkpoint
RP231: 6/25/2011 2:12:41 PM - Restore Operation
RP232: 6/26/2011 3:29:25 PM - System Checkpoint
RP233: 6/28/2011 4:42:50 PM - System Checkpoint
RP234: 6/29/2011 6:45:01 PM - System Checkpoint
RP235: 6/29/2011 9:46:08 PM - Software Distribution Service 3.0
RP236: 7/1/2011 7:22:41 AM - System Checkpoint
RP237: 7/2/2011 10:06:46 AM - System Checkpoint
RP238: 7/3/2011 11:14:21 AM - System Checkpoint
RP239: 7/4/2011 12:04:45 PM - System Checkpoint
RP240: 7/5/2011 6:13:19 PM - System Checkpoint
RP241: 7/6/2011 7:15:01 PM - System Checkpoint
RP242: 7/9/2011 11:43:26 AM - System Checkpoint
RP243: 7/9/2011 9:05:04 PM - Restore Operation
RP244: 7/9/2011 9:15:06 PM - Restore Operation
RP245: 7/9/2011 9:17:14 PM - Restore Operation
RP246: 7/9/2011 10:22:28 PM - Restore Operation
RP247: 7/10/2011 12:38:33 AM - Restore Operation
RP248: 7/10/2011 12:53:32 AM - Restore Operation
RP249: 7/11/2011 11:16:54 PM - System Checkpoint
RP250: 7/12/2011 9:42:12 PM - Software Distribution Service 3.0
RP251: 7/14/2011 7:16:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
4 Elements
7 Wonders - Treasures of Seven
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
Atlantis
Bejeweled®
Big Fish Games: Game Manager
Bloxx It
Bonjour
Bookworm Adventures
Bookworm™ Adventures - The Monkey King
Bricks of Atlantis
Brunhilda and the Dark Crystal
Bugatron Worlds
Captain BubbleBeard's Treasure
Carbonite Online Backup Setup
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Dell Resource CD
Double Play - Family Feud™ I & II
Elf Bowling 7 1-7 - The Last Insult
Emerald Tale
Empress of the Deep - The Darkest Secret
ESET Online Scanner v3
Family Feud™ Battle of the Sexes
Feeding Frenzy 2
FizzBall
Free File Viewer 2010
GameHouse Games Manager
GameHouse Word Collection
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HijackThis 1.99.1
Horatio's Travels
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
Hyperballoid
Incrediball The Seven Sapphires
Insaniquarium! Deluxe
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0
iTunes
Java Auto Updater
Java™ 6 Update 21
Jewel Quest Mysteries - Trail of the Midnight Heart
LightScribe System Software 1.12.29.2
Liong - The Lost Amulets
LUXOR 5th Passage
LUXOR Adventures
Magic Ball 2
Magic Ball 4
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee AntiVirus Plus
McAfee Virtual Technician
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft WinUsb 1.0
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 5.0 (x86 en-US)
MSN
MSXML 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Network Magic
OverDrive Media Console
Paranormal Agency
Peggle™ Deluxe
Peggle™ Nights
Pure Networks Platform
QuickTime
Rainbow Web 2
RealArcade
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Robin's Quest - A Legend Born
Roxio Audio Module
Roxio Copy Module
Roxio Data Module
Roxio DLA
Roxio Express Labeler
Roxio MyDVD Plus
Roxio Update Manager
Royal Envoy™
Samantha Swift and the Fountains of Fate
Sandlot Games Client Services
SCRABBLE - Journey
SCRABBLE PLUS
Scuba in Aruba
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SKIP-BO Castaway Caper™
Sky Taxi
Slingo Quest
Smash Frenzy 4
Sonic Activation Module
Sters
Strike Ball 2
The Mystery of the Crystal Portal
The Price is Right 2010 Edition™
The Rise of Atlantis
The Treasures of Montezuma 2
Trapped
Trivia Machine
Tropix
Tropix™ 2 - The Quest For the Golden Banana
Turtle Odyssey 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 8.0 CRT (x86) WinSXS MSM
Web Games Player Plugin
WebEx Support Manager for Internet Explorer
WebFldrs XP
Wheel of Fortune 2
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
Word Slinger
Zuma's Revenge!™ - Adventure
Zuma Deluxe
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 11:50:29 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/9/2011 10:24:27 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/9/2011 10:24:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/9/2011 10:24:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
7/9/2011 10:22:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:22:49 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2011 10:21:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/9/2011 10:21:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/9/2011 10:13:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/14/2011 11:01:47 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
7/14/2011 11:01:47 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\resources\themes\luna\luna.msstyles could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
7/13/2011 12:06:02 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\msi.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
7/10/2011 3:59:28 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================

#10 CatByte


Posted 15 July 2011 - 10:23 PM

Hi

Just some housekeeping to do now,

Please do the following:


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 21 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT


You can delete the DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
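The Internet Explorer step in the post above can be checked after the fact. The following is an added example, not part of the original post: it audits the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"` (zone 3 is the Internet Zone) against the three ActiveX settings the post names. The sample output is constructed, the function names are hypothetical, and treating a stricter setting than the one recommended as acceptable is an assumption of this example.

```python
import re

# URL action codes stored as value names under ...\Internet Settings\Zones\3.
# Setting codes: 0 = Enable, 1 = Prompt, 3 = Disable (a higher number is stricter).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query` output (not taken from the thread).
SAMPLE_REG_QUERY = r"""
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x0
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x0
    1200    REG_DWORD    0x0
"""

# One registry value per line: name, type, data (hex or decimal),
# separated by tabs or spaces depending on the reg.exe version.
VALUE_LINE = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+|\d+)\s*$")


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in the output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if not match:
            continue  # header, key path, blank line, or non-DWORD value
        raw = match.group(2)
        base = 16 if raw.lower().startswith("0x") else 10
        values[match.group(1)] = int(raw, base)
    return values


def audit_internet_zone(text):
    """Compare the zone's ActiveX settings with the post's recommendations.

    Returns a list of (action_code, label, status, current_setting) where
    status is OK, WEAK (more permissive than recommended), MISSING (value
    not present in the output) or UNKNOWN (unrecognised setting code).
    """
    values = parse_reg_query(text)
    findings = []
    for action, (label, wanted) in sorted(RECOMMENDED.items()):
        current = values.get(action)
        if current is None:
            status = "MISSING"
        elif current not in SETTING_NAMES:
            status = "UNKNOWN"
        elif current >= wanted:
            status = "OK"
        else:
            status = "WEAK"
        findings.append((action, label, status,
                         SETTING_NAMES.get(current, "not set")))
    return findings


if __name__ == "__main__":
    for action, label, status, current in audit_internet_zone(SAMPLE_REG_QUERY):
        print(f"{status:8} {action}  {label}: {current}")
```

Settings enforced through the policy hive under HKLM take precedence over these per-user values, so a clean result here only describes the per-user configuration.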


#11 ronniewho

Posted 17 July 2011 - 10:04 PM

Hi Catbyte,
I have done all that you asked, I could not install Adobe, it would not finish the install. Please advise.
Thanks
Ronniewho

#12 CatByte


Posted 18 July 2011 - 06:10 AM

Hi

Use Revo uninstaller to remove all traces of Adobe Reader, then download again and try the installation again.

Make certain all other programs are closed while installing, if it won't install in normal mode, try safe mode:

Download and install the Revo Uninstaller
  • Double click the new Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall (Adobe Reader)
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.


To enter safe mode > reboot and begin tapping F8 until an options menu appears > arrow up to safe mode.



#13 ronniewho

Posted 19 July 2011 - 07:56 PM

Hi Catbyte,
This seems simple, should be no problem, right.... Used the uninstaller, removed Adobe Reader, still cannot install the version. Should I uninstall all Adobe products?

Thanks

Ronniewho.

#14 CatByte


Posted 19 July 2011 - 08:28 PM

Yes,

Use Revo uninstaller to remove all the Adobe products, then search in your Program Files and delete any Adobe folders you find, then start over again reinstalling the Adobe products.



#15 ronniewho

Posted 19 July 2011 - 08:59 PM

Hi Catbyte,
I'm not sure what to say. Used the uninstaller and removed all Adobe products, deleted the Adobe folder from the Program Files folder, still will not install, stops at 33% and says config failed. How do you kill McAfee? I only shut off realtime scanning, should I shut off all of it? Firewall and everything else related to McAfee?

Ronniewho.



