Inactive-A XP computer has a lot of popups and is very slow

Discussion in 'Malware and Virus Removal Archive' started by tylerho, 2011/12/05.

  1. 2011/12/05
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    [Inactive-A] XP computer has a lot of popups and is very slow

    This computer is very slow during startup and browsing basic web pages. It seems to have a lot of popups and other suspicious activities. I am thinking it may have a few viruses. Below I have attached the HijackThis log. Please let me know if you need anything else. Thank you.

    [HJT log removed by Broni]
     
    Last edited by a moderator: 2011/12/05
  2. 2011/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116

  4. 2011/12/09
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8331

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/7/2011 8:32:09 PM
    mbam-log-2011-12-07 (20-32-03).txt

    Scan type: Quick scan
    Objects scanned: 258118
    Time elapsed: 16 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 4
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2011/12/09
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
    Running: cf8b8pi1.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\uwqdqpow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7BB04C0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7BB04D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7BB0500]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7BB0556]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7BB04AC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7BB0484]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7BB0498]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7BB04EA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7BB052C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7BB0516]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7BB0580]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7BB056C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7BB0540]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB892DF80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01290000
    .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01290FDB
    .text C:\WINDOWS\Explorer.EXE[212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01290011
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022A0FEF
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 022A0096
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 022A007B
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 022A0060
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 022A0F97
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 022A0FB2
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 022A0F75
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 022A00B1
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 022A00DF
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 022A0F50
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 022A00F0
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 022A0039
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 022A0FD4
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 022A0F86
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 022A0FC3
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 022A000A
    .text C:\WINDOWS\Explorer.EXE[212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 022A00CE
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02290040
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0229006C
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02290025
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02290FEF
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02290FAF
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0229000A
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02290051
    .text C:\WINDOWS\Explorer.EXE[212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02290FD4
    .text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02090069
    .text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!system 77C293C7 5 Bytes JMP 02090058
    .text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02090FEF
    .text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0209000C
    .text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02090FDE
    .text C:\WINDOWS\Explorer.EXE[212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0209001D
    .text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 012B0000
    .text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 012B0011
    .text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 012B002C
    .text C:\WINDOWS\Explorer.EXE[212] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 012B0047
    .text C:\WINDOWS\Explorer.EXE[212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012C0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002700B1
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 002700A0
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270085
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FBC
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270043
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F86
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700CE
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0027010B
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700FA
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F61
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0027005E
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270FA1
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FCD
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270014
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700E9
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F83
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360040
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0280BFB0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0280C310 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0280C220 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0280C130 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0280C490 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0280B290 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0280C570 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0280B3F0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FAD
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370038
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0119000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0119001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01190FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01190036
    .text C:\Program Files\Internet Explorer\iexplore.exe[444] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01FB0FEF
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900FEF
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900FCD
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900FDE
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F72
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F83
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF005D
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F9E
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0036
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00A4
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0093
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F15
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F26
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00D3
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0FAF
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF001B
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0082
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FD4
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FEF
    .text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F41
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FB2
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE004A
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FC3
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FD4
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0F83
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BE002F
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE001E
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930FB7
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930042
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FD2
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0093000C
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930027
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\system32\svchost.exe[456] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00910FEF
    .text C:\WINDOWS\system32\svchost.exe[456] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0091000A
    .text C:\WINDOWS\system32\svchost.exe[456] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00910FCA
    .text C:\WINDOWS\system32\svchost.exe[456] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00910FB9
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
    .text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01320000
    .text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01320FDB
    .text C:\WINDOWS\system32\services.exe[1080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01320011
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01360000
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01360F88
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0136007D
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0136006C
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0136005B
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01360025
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01360F5C
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01360F6D
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013600E4
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01360F4B
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01360F30
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0136004A
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01360FE5
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0136008E
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01360FB9
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01360FD4
    .text C:\WINDOWS\system32\services.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013600BF
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01350040
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01350065
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0135001B
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01350000
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegCreateKeyExA
     
  6. 2011/12/09
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01350FE5
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01350FC3
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 89]
    .text C:\WINDOWS\system32\services.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01350FD4
    .text C:\WINDOWS\system32\services.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0134005F
    .text C:\WINDOWS\system32\services.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 01340044
    .text C:\WINDOWS\system32\services.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01340033
    .text C:\WINDOWS\system32\services.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0134000C
    .text C:\WINDOWS\system32\services.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01340FD4
    .text C:\WINDOWS\system32\services.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01340FEF
    .text C:\WINDOWS\system32\services.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01330000
    .text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE001B
    .text C:\WINDOWS\system32\lsass.exe[1092] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE0FE5
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F10FE5
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F10065
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F10F7A
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F10F97
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F10FA8
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F10036
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F1009D
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F10F4B
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F100DA
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F100BF
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F100EB
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F10FB9
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F1000A
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F10076
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F10FCA
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F1001B
    .text C:\WINDOWS\system32\lsass.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F100AE
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F00FCA
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F00069
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F00FE5
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F00011
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F00058
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F00000
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F00047
    .text C:\WINDOWS\system32\lsass.exe[1092] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F00036
    .text C:\WINDOWS\system32\lsass.exe[1092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EF0FB0
    .text C:\WINDOWS\system32\lsass.exe[1092] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EF0031
    .text C:\WINDOWS\system32\lsass.exe[1092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EF0FC1
    .text C:\WINDOWS\system32\lsass.exe[1092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EF0FEF
    .text C:\WINDOWS\system32\lsass.exe[1092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EF0016
    .text C:\WINDOWS\system32\lsass.exe[1092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EF0FD2
    .text C:\WINDOWS\system32\lsass.exe[1092] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EE0000
    .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0000
    .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0FC0
    .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB0FDB
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FE5
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F5F
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F70
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F81
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F9E
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0040
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F3D
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0079
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00A7
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F0E
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00C2
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0FB9
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FD4
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F4E
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0025
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF000A
    .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0096
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0F9E
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F54
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FB9
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FDE
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE001B
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0F8D
    .text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0031
    .text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FA6
    .text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0016
    .text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FC1
    .text C:\WINDOWS\system32\svchost.exe[1292] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FD2
    .text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E00FEF
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E00014
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E00FDE
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40000
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40F63
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40058
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40F7E
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40047
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40FA5
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F2B
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E40F3C
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F06
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E4009F
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E40EF5
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40036
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40FE5
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40073
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40011
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40FCA
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40084
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30FCA
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30F94
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30FE5
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E3001B
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30FA5
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30000
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E30047
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30036
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20FAB
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FBC
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20011
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20000
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20022
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E20FE3
    .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10000
    .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02720FEF
    .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02720FD4
    .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02720014
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02C10FEF
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02C10F4D
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02C10F5E
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02C10F79
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02C10036
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02C10025
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02C1008E
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02C10F3C
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02C100BA
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02C10F21
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02C100CB
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02C10F94
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02C10FD4
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02C10067
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02C10FB9
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02C1000A
    .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02C1009F
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02C00FCA
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02C00051
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02C00FDB
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02C00011
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02C00036
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02C00000
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02C00F94
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 8A] {LOOPNZ 0xffffffffffffff8c}
    .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02C00FAF
    .text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02BF0F9C
    .text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 02BF0027
    .text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02BF000C
    .text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02BF0FE3
    .text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02BF0FC1
    .text C:\WINDOWS\System32\svchost.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02BF0FD2
    .text C:\WINDOWS\System32\svchost.exe[1536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02BE000A
    .text C:\WINDOWS\System32\svchost.exe[1536] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 02870000
    .text C:\WINDOWS\System32\svchost.exe[1536] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 02870011
    .text C:\WINDOWS\System32\svchost.exe[1536] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 02870022
    .text C:\WINDOWS\System32\svchost.exe[1536] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 02870FD1
    .text C:\WINDOWS\system32\svchost.exe[1580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00750000
    .text C:\WINDOWS\system32\svchost.exe[1580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00750FCA
    .text C:\WINDOWS\system32\svchost.exe[1580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00750FDB
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790000
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00790F30
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00790F4B
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F68
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790F79
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790FA5
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790067
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0079004C
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00790089
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00790078
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00790EDF
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00790F94
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00790011
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790F15
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00790FC0
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00790FDB
    .text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00790F04
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00780036
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00780F94
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00780025
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00780FEF
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00780FAF
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00780000
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00780FCA
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [98, 88]
    .text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00780051
    .text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0077003B
    .text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!system 77C293C7 5 Bytes JMP 00770FB0
    .text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00770FD2
    .text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00770000
    .text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00770FC1
    .text C:\WINDOWS\system32\svchost.exe[1580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00770FE3
    .text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00760000
    .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990FE5
    .text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099001B
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A10FEF
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A1007F
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A10F8A
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1006E
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A10051
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A10FAF
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A100AD
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A1009C
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A10F2F
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A100D2
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A10F1E
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A10036
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A1000A
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A10F6F
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A10FCA
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A1001B
    .text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A10F54
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C002F
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0FA8
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0014
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0FDE
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0065
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0FEF
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009C0040
    .text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0FB9
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0F92
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0FAD
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B001D
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B000C
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0FBE
    .text C:\WINDOWS\system32\svchost.exe[1672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FEF
    .text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270093
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027006E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FA5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB6
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F83
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700CB
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F43
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F54
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700ED
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0027003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270011
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002700A4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FD1
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700DC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 0489BDE0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 0489BD20 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 0489BBA0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 0489BC60 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0489BFB0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0489C310 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0489C220 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0489C130 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0489C490 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0489B290 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0489C570 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0489B3F0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FA3
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FBE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037002E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009E0FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009E0FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009E0FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009E0014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A3000A
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
     
  7. 2011/12/09
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270042
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F4D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F68
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F83
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0027007A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270069
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270EFC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270095
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EEB
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F32
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270025
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F17
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F72
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0821BFB0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0821C310 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0821C220 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0821C130 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0821C490 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0821B290 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0821C570 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0821B3F0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F90
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FA1
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370011
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01190000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01190FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01190FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01190FCD
    .text C:\Program Files\Internet Explorer\iexplore.exe[2560] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01FB0000
    .text C:\WINDOWS\system32\dllhost.exe[2816] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
    .text C:\WINDOWS\system32\dllhost.exe[2816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009002C
    .text C:\WINDOWS\system32\dllhost.exe[2816] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0FAD
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0098
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0087
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B006C
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0040
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F8B
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00D3
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0109
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00F8
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F4B
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B005B
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F9C
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FD4
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001B
    .text C:\WINDOWS\system32\dllhost.exe[2816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F7A
    .text C:\WINDOWS\system32\dllhost.exe[2816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F9E
    .text C:\WINDOWS\system32\dllhost.exe[2816] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0033
    .text C:\WINDOWS\system32\dllhost.exe[2816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD4
    .text C:\WINDOWS\system32\dllhost.exe[2816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\system32\dllhost.exe[2816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC3
    .text C:\WINDOWS\system32\dllhost.exe[2816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A000C
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FD4
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0F8D
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0025
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FE5
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0FA8
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FC3
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
    .text C:\WINDOWS\system32\dllhost.exe[2816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B004A
    .text C:\WINDOWS\system32\dllhost.exe[2816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80FEF
    .text C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B60000
    .text C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FCA
    .text C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FE5
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F52
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F63
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0047
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0036
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FAF
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F41
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0089
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00C6
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00B5
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F08
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0F94
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FE5
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD006C
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FC0
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0011
    .text C:\WINDOWS\system32\svchost.exe[2828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD00A4
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FBC
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC004A
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0FCD
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FDE
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0039
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0028
    .text C:\WINDOWS\system32\svchost.exe[2828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0FAB
    .text C:\WINDOWS\system32\svchost.exe[2828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB006E
    .text C:\WINDOWS\system32\svchost.exe[2828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0053
    .text C:\WINDOWS\system32\svchost.exe[2828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0038
    .text C:\WINDOWS\system32\svchost.exe[2828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0000
    .text C:\WINDOWS\system32\svchost.exe[2828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FE3
    .text C:\WINDOWS\system32\svchost.exe[2828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F9C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270087
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270076
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270065
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700C2
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F70
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700FF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700E4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270110
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F81
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270040
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270025
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700D3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360FA5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360058
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0280BFB0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0280C310 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0280C220 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0280C130 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0280C490 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0280B290 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0280C570 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0280B3F0 C:\Documents and Settings\Michael\Local Settings\Application Data\Productivity_3\tbProd.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370047
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FB2
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD7
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370022
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370011
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01190FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01190014
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01190025
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01190FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01FC0FEF

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\WINDOWS\system32\mfevtps.exe[2464] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\WINDOWS\system32\mfevtps.exe[2464] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  8. 2011/12/09
    tylerho

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-09 10:13:01
    -----------------------------
    10:13:02.015 OS Version: Windows 5.1.2600 Service Pack 3
    10:13:02.015 Number of processors: 1 586 0x304
    10:13:02.047 ComputerName: MICHAEL-91D5F5B UserName: Michael
    10:13:25.449 Initialize success
    10:13:56.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    10:13:56.865 Disk 0 Vendor: WDC_WD16 01.0 Size: 152587MB BusType: 3
    10:13:56.943 Disk 0 MBR read successfully
    10:13:56.943 Disk 0 MBR scan
    10:13:56.943 Disk 0 Windows XP default MBR code
    10:13:57.006 Disk 0 scanning sectors +312480315
    10:13:57.834 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:15:46.845 Service scanning
    10:15:48.345 Modules scanning
    10:17:34.264 Disk 0 trace - called modules:
    10:17:34.310 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    10:17:34.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa7eab8]
    10:17:34.342 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8aa67030]
    10:17:34.373 Scan finished successfully
    10:20:40.511 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
    10:20:40.636 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Michael at 10:21:42 on 2011-12-09
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.775 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    svchost.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=17
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro0.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111113134242.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
    BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
    TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro0.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\michael\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.bepc.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
    TCP: Interfaces\{34F22191-6A95-4E30-96C8-06CB7E3A6952} : DhcpNameServer = 24.220.0.10 24.220.0.11
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-21 464176]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-21 89792]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-8-23 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-8-23 49152]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-2-24 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-21 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-21 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-21 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-21 150856]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-8-23 246936]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-21 57600]
    R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2010-3-9 673600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-21 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-21 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-21 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-21 83856]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-21 87656]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2152152]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-21 83856]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    .
    =============== Created Last 30 ================
    .
    2011-12-08 02:32:37 54016 ----a-w- c:\windows\system32\drivers\sgui.sys
    2011-12-08 01:47:24 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
    2011-12-08 01:47:08 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
    2011-12-08 01:47:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-08 01:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-06 01:16:10 388096 ----a-r- c:\documents and settings\michael\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-06 01:16:06 -------- d-----w- c:\program files\Trend Micro
    2011-11-17 03:18:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-17 02:07:59 -------- d-----w- c:\documents and settings\all users.windows\application data\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-16 19:17:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 19:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 19:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 10:28:37.98 ===============
     
  9. 2011/12/09
    tylerho

    tylerho Inactive Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/22/2010 7:21:52 PM
    System Uptime: 12/7/2011 7:32:38 PM (39 hours ago)
    .
    Motherboard: Dell Inc. | | 0U7077
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3392/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 115.08 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: TI Technologies Inc.
    Description: RADEON X300 Series Secondary
    Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
    Manufacturer: ATI Technologies Inc.
    Name: RADEON X300 Series Secondary
    PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
    Service: ati2mtag
    .
    ==== System Restore Points ===================
    .
    RP495: 8/24/2011 9:08:13 PM - Software Distribution Service 3.0
    RP496: 8/25/2011 9:09:56 PM - System Checkpoint
    RP497: 9/6/2011 8:21:10 PM - System Checkpoint
    RP498: 9/6/2011 9:26:42 PM - Software Distribution Service 3.0
    RP499: 9/16/2011 10:28:15 PM - Software Distribution Service 3.0
    RP500: 9/22/2011 5:53:48 PM - System Checkpoint
    RP501: 9/23/2011 7:42:36 PM - System Checkpoint
    RP502: 9/28/2011 9:48:33 PM - Software Distribution Service 3.0
    RP503: 10/6/2011 5:52:11 PM - Installed Ad-Aware
    RP504: 10/6/2011 5:54:06 PM - Installed Ad-Aware
    RP505: 10/9/2011 6:48:47 PM - System Checkpoint
    RP506: 10/10/2011 8:32:33 PM - System Checkpoint
    RP507: 10/13/2011 10:05:12 PM - Software Distribution Service 3.0
    RP508: 10/18/2011 3:53:51 PM - System Checkpoint
    RP509: 10/19/2011 4:16:09 PM - System Checkpoint
    RP510: 10/20/2011 5:17:13 PM - System Checkpoint
    RP511: 10/23/2011 8:26:03 PM - System Checkpoint
    RP512: 10/27/2011 4:45:35 PM - System Checkpoint
    RP513: 10/28/2011 5:18:55 PM - System Checkpoint
    RP514: 10/29/2011 5:58:32 PM - System Checkpoint
    RP515: 10/31/2011 4:08:20 PM - System Checkpoint
    RP516: 11/10/2011 3:01:06 AM - Software Distribution Service 3.0
    RP517: 11/10/2011 9:48:29 PM - Software Distribution Service 3.0
    RP518: 11/16/2011 8:38:42 PM - Removed Bing Bar
    RP519: 11/16/2011 8:47:23 PM - Removed Ad-Aware
    RP520: 11/19/2011 11:17:17 AM - System Checkpoint
    RP521: 12/5/2011 7:16:03 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Ad-Aware
    Adobe Flash Player 11 ActiveX
    Adobe Reader 7.1.0
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Belkin Setup and Router Monitor
    Belkin USB Print and Storage Center
    Broadcom Gigabit Integrated Controller
    Canon Camera Access Library
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot SX120 IS Camera User Guide
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Conexant D850 56K V.9x DFVc Modem
    Creative MediaSource
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Photo AIO Printer 922
    Dell ResourceCD
    Digital Line Detect
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Juniper Networks Host Checker
    Juniper Networks, Inc. Setup Client
    Juniper Terminal Services Client
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee AntiVirus Plus
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    MSN
    MSVCRT
    MSXML 6.0 Parser (KB925673)
    Otto
    PowerDVD 5.3
    Productivity 3 Toolbar
    Rhapsody
    Rhapsody Player Engine
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft InfoPath 2010 (KB2510065)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Simppull Toolbar (Remove Toolbar Only)
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    StartNow Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Video Mover
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format Runtime
    Windows Presentation Foundation
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.2 final uninstall
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/7/2011 7:33:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    12/7/2011 7:33:15 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    12/5/2011 7:13:10 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00111199140D has been denied by the DHCP server 10.54.1.130 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  10. 2011/12/09
    broni

    broni Moderator Malware Analyst

    Good :)

    Your MBAM log says "No action taken".
    Re-run MBAM, FIX all issues and post new log.

    When done...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2011/12/11
    tylerho

    tylerho Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8331

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/10/2011 1:00:15 PM
    mbam-log-2011-12-10 (13-00-15).txt

    Scan type: Quick scan
    Objects scanned: 258226
    Time elapsed: 14 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. 2011/12/11
    tylerho

    tylerho Inactive Thread Starter

    ComboFix 11-12-10.01 - Michael 12/11/2011 13:02:14.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1378 [GMT -6:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\Michael\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    c:\documents and settings\Michael\Application Data\PriceGong
    c:\documents and settings\Michael\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\2247.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\4436.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\4489.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\450.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\83.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\8963.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Michael\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Michael\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Michael\Local Settings\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\Michael\My Documents\~WRL3702.tmp
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\ToOLbar32.dll
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\windows\system32\drivers\etc\lmhosts
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-10 09:05 . 2011-12-10 09:05 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft Help
    2011-12-08 01:47 . 2011-12-08 01:47 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
    2011-12-08 01:47 . 2011-12-08 01:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2011-12-08 01:47 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-08 01:47 . 2011-12-08 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-06 01:16 . 2011-12-06 01:16 388096 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-06 01:16 . 2011-12-06 01:16 -------- d-----w- c:\program files\Trend Micro
    2011-11-17 03:18 . 2011-08-18 02:20 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-17 02:07 . 2011-11-17 02:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 20:32 . 2010-12-22 02:22 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-16 19:17 . 2011-09-07 02:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-15 19:16 . 2010-12-22 02:22 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 19:16 . 2010-12-22 02:22 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-15 19:16 . 2010-12-22 02:22 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 19:16 . 2010-12-22 02:22 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-15 19:16 . 2010-12-22 02:22 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-15 19:16 . 2010-12-22 02:22 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 19:16 . 2010-12-22 02:22 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 19:16 . 2010-12-22 02:22 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 19:16 . 2010-12-22 02:22 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 19:16 . 2010-12-22 02:22 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-10 14:22 . 2010-02-23 01:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2004-08-10 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2004-08-10 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1fca4df8-9acd-4dfb-89cc-ddd0082fc588} "= "c:\program files\Productivity_3\prxtbPro0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\Productivity_3\prxtbPro0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}]
    2010-02-10 16:36 86016 ----a-w- c:\program files\simppulltoolbar\simppulldx.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
    2009-10-20 15:50 258008 ----a-w- c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{627af46b-2076-42ae-a2fd-8428734d3e74} "= "c:\program files\simppulltoolbar\simppulldx.dll" [2010-02-10 86016]
    "{1fca4df8-9acd-4dfb-89cc-ddd0082fc588} "= "c:\program files\Productivity_3\prxtbPro0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{627af46b-2076-42ae-a2fd-8428734d3e74}]
    .
    [HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} "= "c:\program files\Productivity_3\prxtbPro0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-01 68856]
    "OfficeSyncProcess "= "c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "Dell Photo AIO Printer 922 "= "c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "InstaLAN "= "c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    .
    c:\documents and settings\Michael\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-23 24576]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE "=
    "c:\\Program Files\\Rhapsody\\rhapsody.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19540:UDP "= 19540:UDP:SXUPTP
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/21/2010 8:22 PM 89792]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [8/23/2011 5:52 PM 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [8/23/2011 5:52 PM 49152]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 1:59 PM 2152152]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/24/2010 7:05 PM 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 8:22 PM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 8:22 PM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/21/2010 8:22 PM 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/21/2010 8:22 PM 150856]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [8/23/2011 5:45 PM 246936]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/21/2010 8:22 PM 57600]
    R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [3/9/2010 6:54 PM 673600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/21/2010 8:22 PM 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 8:22 PM 83856]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:38 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:38 PM 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [7/21/2011 1:59 PM 15232]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 8:22 PM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/21/2010 8:22 PM 87656]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
    .
    2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 01:38]
    .
    2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 01:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=17
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    Toolbar-Locked - (no file)
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-11 13:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(552)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
    c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\rundll32.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-11 13:25:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-11 19:25
    .
    Pre-Run: 129,666,772,992 bytes free
    Post-Run: 130,494,840,832 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 3A3F6F1DEECD64325BECF6A5CEE0259E
     
  13. 2011/12/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
